Contract Replacement With Product Change

Contract Replacement With Product Change(from product A to product B)

Change The Existing Product By Another One

API Reference

The API can be used to replace a consumer contract (so called 'product change'), created from a certain product, by another consumer contract, created from a different product (e.g. in case of card product upgrade, downgrade).

This replacement or change:

  • must be allowed by the configuration (e.g. transition from product A to product B is configured and allowed)
  • is performed either immediately or in the future (next anticipated card renewal date) depending on the configuration

As a result:

  • Card renewal and replacement are disabled for all cards within the old contract
  • In case of product change in the future, the change is scheduled at the first anticipated card renewal date within the contract, and the product change status is PENDING

When this contract replacement or product change is performed (immediately or at the scheduled date):

  • Product change status is set to PROCESSED
  • The new contract is created from the new product (target product)
  • All cards of the old contract are transferred to the new one depending on business rules (e.g. deactivated/cancelled cards are not transferred)
  • Data such as IBAN are transferred to the new contract (data to be transferred depend on issuer requirements)
  • The closing date of the old contract is set according to the delay configured for the issuer
  • Account set-up fee and membership are reimbursed on old contract if requested

API links

POST /api/V2/issuers/{issuerId}/contracts/{contractReference}/change-product

POST /api/V2/issuers/{issuerId}/contracts/external-contracts/{issuerContractExternalReference}/change-product

Force A Pending Product Change

When a product change is scheduled for a consumer contract A, card replacement is blocked for each card of this contract A.

In this case, instead of requesting a card replacement this API allows to anticipate / force the scheduled product change on a consumer contract, identified by its Issuer Contract external reference or its Contract reference.

Also, the card to be replaced, previously permanently blocked (e.g. for lost or stolen reason) after the product change request, can be transferred to the new contract, not in cancelled status but in the status foreseen by the new product.

As a result:

  • Product change status is set to PROCESSED
  • The new contract is created from the new product
  • All cards of the old contract (e.g. contract A) are transferred to the new one depending on business rules (e.g. deactivated/cancelled, permanently blocked cards before the product change request are not transferred
  • Data such as IBAN are transferred to the new contract
  • The closing date of the old contract is set according to the delay configured for the issuer
  • Account set-up fee and membership are reimbursed on old contract if requested

API links

POST /api/V2/issuers/{issuerId}/contracts/{contractReference}/force-change-product

POST /api/V2/issuers/{issuerId}/contracts/external-contracts/{issuerContractExternalReference}/force-change-product

Cancel A Pending or Scheduled Product Change

The API can be used to cancel a product change for a given consumer contract, identified by either its issuer Contract external reference or its Contract reference:

  • PENDING or already PROCESSED product change
  • The cancellation is possible as long as the original contract is not yet closed (product change already processed).
  • It is possible to request the reimbursement of the fees (membership fee / account setup) already posted on the new contract.
  • It is possible to request cancellation only for the latest product change that was performed for the contracts that are linked each other through a product change (old contracts, new contract)

As a result,

  • In case of cancellation of a pending product change, the product change is not performed.
  • In case of cancellation of a product change already processed, the product change is reversed:
    • the original contract,and its cards will not be closed
    • the new contract and new cards are closed immediately

API links

POST /api/V2/issuers/{issuerId}/contracts/{contractReference}/cancel-change-product

POST /api/V2/issuers/{issuerId}/contracts/external-contracts/{issuerContractExternalReference}/cancel-change-product

Enable "on this page" menu on doc section
On

ob-data-ais-s4

Delete Consent

You can request to revoke account holder's consent. If the revocation is successful, the status of the consent will be changed to ‘Revoked’. If it’s not possible to revoke the consent, the status of the consent will be set to ‘RevokedAtTpp’, meaning the consent might still be active on the bank's side but can't no longer be used by you to retrieve the data.

In this testing scenario, it has been considered that consent has been revoked successfully. Take the following steps to complete this scenario.

Step - 1 : Get the list of connected banks

  • Call Reach API (GET /aspsp) to obtain a list of supported banks. 
  • Check API response of a record with ASPSP ID = "20101" and Name = "AIS Delete Consents".
  • Details and Options section provide a list of API endpoints  and mandatory fields that need to be used for successful account data request towards the mock bank using redirect mode of authorisation .
  • Remark: Details of reach information provided in the sandbox environment are limited and for informational purpose to give you an idea about how reach information looks like. 

Step - 2 : Initiate consent

  • Call the POST /consents API to obtain account holder's consent. 
  • In response of POST /consents, you will receive consent ID, a redirect link to authorise the consent and a link to call GET /consent/status API to get the status of the consent.
  • You will can choose various combination of permissions to access account data:      
    • "Accounts" - Only list of accounts can be retrieved. Balances and transaction details cannot be requested.
    • "Accounts", "Balances" - You can only request accounts and balances details for requested accounts.
    • "Accounts", "Transactions" - You can request list of accounts and transaction details for requested accounts.
    • "Accounts", "Balances", "Transactions" -You can request list of accounts, balances and transaction details for requested accounts. 
    • If there's no permissions provided in request, by default "Accounts", "Balances", "Transactions" permission will be used.
  • If "OwnerName" indicator set to "true" in consents request, you can receive actual owner name (if supported and provided by the mock bank) in the response of GET /accounts API.
  • "TransactionFromDateTime" and "TransactionToDateTime" can be provided in POST /consents request, so that you could access a list of transactions within a specific time period only.
  • Currently below fields are being ignored in POST /consents request in the sandbox environment but supported in live environment:
    • ValidUntilDate,
    • FrequencyPerDay,
    • RecurringIndicatior,
    • CombinedServiceIndicator,
    • PreferredScaMethod
  • If GET /consents/status endpoint has been called before user provides their approval, you will receive consent status = "Open" from the mock bank in response.

Step - 3 : Authorise or reject the consent

  • With the redirect link received in response of POST /consents, the account holder is redirected to the login page of mock bank. 
  • On this login page, the account holder can provide dummy (any) credential details as the log in page is for example purpose only.
  • Once the account holder provides their dummy credentials, they are redirected to a page with "Approve" & "Deny" buttons to authorise or reject the data access.
  • Once the account holder clicks on Approve or Deny button, the consent is created with an appropriate status and the account holder is redirected back to your software.
  • Remark : Mock bank pages were created for the testing purpose only. The actual implementation depends on bank's PSD2 implementation.

Step - 4 : Get consent status

  • Call the GET /consents/status API to get the latest consent status from the mock bank.
  • If consent is authorised by the account holder, you will receive consent status = "Authorised".
  • If consent is denied by the account holder, you will receive consent status = "Rejected" as a final consent status.

Step - 5 : Revoke consent

  • If consent status = “Authorised”, call the Delete /consents API endpoint to revoke the consent.

Step - 6 : Get consent status

  • Call the GET /consents/status API to get the latest consent status from the mock bank.
  • If consent is revoked successfully, you will receive consent status = "Revoked".

Sequence Diagram

Delete Consent
Enable "on this page" menu on doc section
On

ob-data-ais-s3

Download Transactions

If the banks supports paginated response but the number of transactions is considered too high or if the bank provides the response in CAMT format, it might be possible that the GET transactions response contains a download link only.

Using the link you can download the list of transactions in JSON format. If the bank provides the transactions in a non-JSON format, the transactions are converted to JSON by Worldline.

Processing flow for this scenario is similar to described in “Redirect flow with Date filter only” section with addition of GET /download/transactions API.

Account holder's (PSU) consent is needed to access their bank accounts details. In the Redirect Authorisation approach, the browser session of the account holder is redirected from your software / Worldline Bank Selection Interface to mock bank. In that case the mock bank provides all the pages required for authentication (usually username, password). After that the account holder is redirected to Worldline Open Banking Service and from there back to your software.

Take the following steps to complete this scenario.

Step - 1 : Get the list of connected banks

  • Call Reach API (GET /aspsp) to obtain a list of supported banks. 
  • Check API response of a record with ASPSP ID = "20102" and Name = "Account information redirect + Download transactions".
  • Details and Options section provide a list of API endpoints  and mandatory fields that need to be used for successful account data request towards the mock bank using redirect mode of authorisation .
  • Remark: Details of reach information provided in the sandbox environment are limited and for informational purpose to give you an idea about how reach information looks like. 

Step - 2 : Initiate consent

  • Call the POST /consents API to obtain account holder's consent. 
  • In response of POST /consents, you will receive consent ID, a redirect link to authorise the consent and a link to call GET /consent/status API to get the status of the consent.
  • You will can choose various combination of permissions to access account data:      
    • "Accounts" - Only list of accounts can be retrieved. Balances and transaction details cannot be requested.
    • "Accounts", "Balances" - You can only request accounts and balances details for requested accounts.
    • "Accounts", "Transactions" - You can request list of accounts and transaction details for requested accounts.
    • "Accounts", "Balances", "Transactions" -You can request list of accounts, balances and transaction details for requested accounts. 
    • If there's no permissions provided in request, by default "Accounts", "Balances", "Transactions" permission will be used.
  • If "OwnerName" indicator set to "true" in consents request, you can receive actual owner name (if supported and provided by the mock bank) in the response of GET /accounts API.
  • "TransactionFromDateTime" and "TransactionToDateTime" can be provided in POST /consents request, so that you could access a list of transactions within a specific time period only.
  • Currently below fields are being ignored in POST /consents request in the sandbox environment but supported in live environment:
    • ValidUntilDate,
    • FrequencyPerDay,
    • RecurringIndicatior,
    • CombinedServiceIndicator,
    • PreferredScaMethod
  • If GET /consents/status endpoint has been called before user provides their approval, you will receive consent status = "Open" from the mock bank in response.

Step - 3 : Authorise or reject the consent

  • With the redirect link received in response of POST /consents, the account holder is redirected to the login page of mock bank. 
  • On this login page, the account holder can provide dummy (any) credential details as the log in page is for example purpose only.
  • Once the account holder provides their dummy credentials, they are redirected to a page with "Approve" & "Deny" buttons to authorise or reject the data access.
  • Once the account holder clicks on Approve or Deny button, the consent is created with an appropriate status and the account holder is redirected back to your software.
  • Remark : Mock bank pages were created for the testing purpose only. The actual implementation depends on bank's PSD2 implementation.

Step - 4 : Get consent status

  • Call the GET /consents/status API to get the latest consent status from the mock bank.
  • If consent is authorised by the account holder, you will receive consent status = "Authorised".
  • If consent is denied by the account holder, you will receive consent status = "Rejected" as a final consent status.

Step - 5 : Get list of accounts

  • Once the consent is authorised by the customer (PSU), call the GET /accounts API to obtain list of accounts.

Step - 6 : Get transaction details

  • Call the GET /transactions API to retrieve transactions details of respective account. 
  • In response, you will receive GET /download/transactions API link.

Step - 7 : Download transactions

  • Call the GET /download/transactions API link  and  receive the list of transactions in JSON format.

Sequence Diagram

AIS Download Transactions
Enable "on this page" menu on doc section
On

ob-data-ais-s2

Redirect flow with DateTime filter

This scenario is similar to the first testing scenario with a slight difference, that the returned transactions are filtered using both date and time parameters ("dateFrom" & "dateTo" query parameters) as we want to bring to your attention that some banks provide requested transaction data based on date & time.

Take the following steps to complete this scenario.

Step - 1 : Get the list of connected banks

  • Call Reach API (GET /aspsp) to obtain a list of supported banks. 
  • Check API response of a record with ASPSP ID = "20116" and Name = "Account Information redirect + Transaction datetime filter".
  • Details and Options section provide a list of API endpoints  and mandatory fields that need to be used for successful account data request towards the mock bank using redirect mode of authorisation .
  • Remark: Details of reach information provided in the sandbox environment are limited and for informational purpose to give you an idea about how reach information looks like. 

Step - 2 : Initiate consent 

  • Call the POST /consents API to obtain account holder's consent. 
  • In response of POST /consents, you will receive consent ID, a redirect link to authorise the consent and a link to call GET /consent/status API to get the status of the consent.
  • You will can choose various combination of permissions to access account data:      
    • "Accounts" - Only list of accounts can be retrieved. Balances and transaction details cannot be requested.
    • "Accounts", "Balances" - You can only request accounts and balances details for requested accounts.
    • "Accounts", "Transactions" - You can request list of accounts and transaction details for requested accounts.
    • "Accounts", "Balances", "Transactions" -You can request list of accounts, balances and transaction details for requested accounts. 
    • If there's no permissions provided in request, by default "Accounts", "Balances", "Transactions" permission will be used.
  • If "OwnerName" indicator set to "true" in consents request, you can receive actual owner name (if supported and provided by the mock bank) in the response of GET /accounts API.
  • "TransactionFromDateTime" and "TransactionToDateTime" can be provided in POST /consents request, so that you could access a list of transactions within a specific time period only.
  • Currently below fields are being ignored in POST /consents request in the sandbox environment but supported in live environment:
    • ValidUntilDate,
    • FrequencyPerDay,
    • RecurringIndicatior,
    • CombinedServiceIndicator,
    • PreferredScaMethod
  • If GET /consents/status endpoint has been called before user provides their approval, you will receive consent status = "Open" from the mock bank in response.

Step - 3 : Authorise or reject the consent 

  • With the redirect link received in response of POST /consents, the account holder is redirected to the login page of mock bank. 
  • On this login page, the account holder can provide dummy (any) credential details as the log in page is for example purpose only.
  • Once the account holder provides their dummy credentials, they are redirected to a page with "Approve" & "Deny" buttons to authorise or reject the data access.
  • Once the account holder clicks on Approve or Deny button, the consent is created with an appropriate status and the account holder is redirected back to your software.
  • Remark : Mock bank pages were created for the testing purpose only. The actual implementation depends on bank's PSD2 implementation.

Step - 4 : Get consent status

  • Call the GET /consents/status API to get the latest consent status from the mock bank.
  • If consent is authorised by the account holder, you will receive consent status = "Authorised".
  • If consent is denied by the account holder, you will receive consent status = "Rejected" as a final consent status.

Step - 5 : Get list of accounts

  • Once the consent is authorised by the customer (PSU), call the GET /accounts API to obtain list of accounts.

Step - 6 : Get balances details

  • Once you obtain a list of accounts, call GET /balances API to get the balance details of respective account.

Step - 7 : Get transaction details

  • Call the GET /transactions API to retrieve transactions details of respective account. 
  • In sandbox environment you can try out the below functionalities of GET /transactions API:
    • Get transaction data for specific date range using "dateFrom" & "dateTo" query parameters. Transaction data is returned based on date with time as this might also happen in the live environment. 
  • If the mock bank responds with large number of transactions, you may receive a paginated transactions response.
  • In case of paginated response, you can retrieve appropriate transaction page using "first", "next", "previous", "last", "self" links provided in the response.

Sequence Diagram

AIS with Redirect authorisation - dateTime

 

Enable "on this page" menu on doc section
On

ob-data-ais-s1

Redirect flow with Date filter only

Account holder's (PSU) consent is needed to access their bank accounts details. In the Redirect Authorisation approach, the browser session of the account holder is redirected from your software / Worldline Bank Selection Interface to mock bank. In that case the mock bank provides all the pages required for authentication (usually username, password). After that the account holder is redirected to Worldline Open Banking Service and from there back to your software.

Take the following steps to complete this scenario.

Step - 1 : Get the list of connected banks

  • Call Reach API (GET /aspsp) to obtain a list of supported banks. 
  • Check API response of a record with ASPSP ID = "20101" and Name = "Account Information redirect + Transaction Date filter".
  • Details and Options section provide a list of API endpoints  and mandatory fields that need to be used for successful account data request towards the mock bank using redirect mode of authorisation .
  • Remark: Details of reach information provided in the sandbox environment are limited and for informational purpose to give you an idea about how reach information looks like. 

Step - 2 : Initiate consent

  • Call the POST /consents API to obtain account holder's consent. 
  • In response of POST /consents, you will receive consent ID, a redirect link to authorise the consent and a link to call GET /consent/status API to get the status of the consent.
  • You will can choose various combination of permissions to access account data:      
    • "Accounts" - Only list of accounts can be retrieved. Balances and transaction details cannot be requested.
    • "Accounts", "Balances" - You can only request accounts and balances details for requested accounts.
    • "Accounts", "Transactions" - You can request list of accounts and transaction details for requested accounts.
    • "Accounts", "Balances", "Transactions" -You can request list of accounts, balances and transaction details for requested accounts. 
    • If there's no permissions provided in request, by default "Accounts", "Balances", "Transactions" permission will be used.
  • If "OwnerName" indicator set to "true" in consents request, you can receive actual owner name (if supported and provided by the mock bank) in the response of GET /accounts API.
  • "TransactionFromDateTime" and "TransactionToDateTime" can be provided in POST /consents request, so that you could access a list of transactions within a specific time period only.
  • Currently below fields are being ignored in POST /consents request in the sandbox environment but supported in live environment:
    • ValidUntilDate,
    • FrequencyPerDay,
    • RecurringIndicatior,
    • CombinedServiceIndicator,
    • PreferredScaMethod
  • If GET /consents/status endpoint has been called before user provides their approval, you will receive consent status = "Open" from the mock bank in response.

Step - 3 : Authorise or reject the consent

  • With the redirect link received in response of POST /consents, the account holder is redirected to the login page of mock bank. 
  • On this login page, the account holder can provide dummy (any) credential details as the log in page is for example purpose only.
  • Once the account holder provides their dummy credentials, they are redirected to a page with "Approve" & "Deny" buttons to authorise or reject the data access.
  • Once the account holder clicks on Approve or Deny button, the consent is created with an appropriate status and the account holder is redirected back to your software.
  • Remark : Mock bank pages were created for the testing purpose only. The actual implementation depends on bank's PSD2 implementation.

Step - 4 : Get consent status

  • Call the GET /consents/status API to get the latest consent status from the mock bank.
  • If consent is authorised by the account holder, you will receive consent status = "Authorised".
  • If consent is denied by the account holder, you will receive consent status = "Rejected" as a final consent status.

Step - 5 : Get list of accounts

  • Once the consent is authorised by the customer (PSU), call the GET /accounts API to obtain list of accounts.

Step - 6 : Get balances details

  • Once you obtain a list of accounts, call GET /balances API to get the balance details of respective account.

Step - 7 : Get transaction details

  • Call the GET /transactions API to retrieve transactions details of respective account. 
  • In sandbox environment you can try out the below functionalities of GET /transactions API:
    • Get transaction data for specific date range using "dateFrom" & "dateTo" query parameters. Transaction data is returned based on date without time as this might also happen in the live environment. 
  • If the mock bank responds with large number of transactions, you may receive a paginated transactions response.
  • In case of paginated response, you can retrieve appropriate transaction page using "first", "next", "previous", "last", "self" links provided in the response.

Sequence Diagram

AIS with Redirect Authorisation
Enable "on this page" menu on doc section
On

ob-data-ais-sand

List of Account Information Service Scenarios

Below you'll find a list of account data testing scenarios. Each scenario has a separate page including a step by step description of the steps to complete the scenario. You can choose a scenario by providing the corresponding ASPSP ID in the request, which initiates the consent.

To simplify the interaction, these scenario's work with a static token which doesn't expire. This sandbox token is supplied in the API reference.

You can use the sandbox:

  • either on the API reference page (only for registered users, look for the 'try' button) or
  • with a tool like Postman
Sr. No.Scenario NameASPSP IDScenario Guideline
01.Redirect Flow With Date Filter Only (accounts, balances and transactions are retrieved)  20101Read more
02.Redirect Flow With DateTime Filter (accounts, balances and transactions are retrieved)  20116Read more
03.Download Transactions 20102Read more
04.Delete Consents 20101Read more

 

Enable "on this page" menu on doc section
On

ob-data-ais-api

Consent Initiation

API Reference

Consent scope

Account data is only provided with the consent of the account holder.  Consent can be given according to three permission groups where a combination of the 3 groups is possible:

  • Accounts
  • Balances
  • Transactions 

The consent can be granted to all accounts or to specific accounts depending whether account holder's bank supports the detailed consent.

POST Consents

Endpoint: POST /psus/{psuId}/consents

Base URL: /xs2a/routingservice/services/ob/ais/v3

This endpoint is used to set up a consent for an account holder for a specific bank. Depending on the bank's API the possible combinations of permissions and account references differ.  Use Permissions body parameter to specify what information you wish to obtain (accounts and / or balances and / or transactions). In case it was not provided, the default (access to all) is used.

In case recurring consent is needed, you should use the body parameter ‘RecurringIndicator’ = True. The default behavior is to request a recurring consent valid for 180 days unless the ValidUntilDate is provided.

Supported consent flows will be determined by the Links section of the response.

 

Data model

Request (click to enlarge)Response (click to enlarge)
Post consent requestPost consent response

Multi-level SCA

We support the Multi-Level SCA. In this case consent has to be authorized by multiple account holders. There are no specific endpoints defined for this. The single authorizations have to be started explicitly by the POST Authorization endpoint for each single account holder.

Enable "on this page" menu on doc section
On

ob-data-ais-reach

Reach Directory API

API Reference

The Reach Directory API allows to retrieve a list of all connected banks and their details such as bank's name and bank's id. It is sufficient to refresh the list of banks once a day. For each bank we provide additional information on their PSD2 implementation, which you need to take into account while implementing consent management and data retrieval. The additional information is split into 2 parts - 'Details' and 'Options'.

Once you retrieve the list of supported banks, you will present it to the user either through the screens you have built or through Worldline Bank Selection interface. Once user bank is selected, you will need to check in Reach API response whether the selected bank requires pre-authentication or you can initiate the consent straight away.

GET ASPSPs

Endpoint: GET /aspsps

The base URL for the Reach Directory is: /xs2a/routingservice/services/directory/v3 

This endpoint is used to retrieve the reach directory.

Data model

RequestResponse (click to enlarge)
Get reach requestGet reach response

Example

Request

curl -X GET "https://xs2a.awltest.de/xs2a/routingservice/services/directory/v3/aspsps?allDetails=true&allOptions=true&allAspspSpecificFields=true" 
-H "accept: application/json" 
-H "X-Request-ID: abcdef2e-3000-4000-88cc-ae40e3b113d7" 
-H "MessageCreateDateTime: 2023-09-25T08:15:00.856Z" 
-H "Service: AIS" 
-H "Authorization: Bearer dc9833a74c712d8c7a50476e71768a1f"

Response body

{
  "Service": "AIS",
  "Groups": [],
  "ASPSP": [
    {
      "AspspId": "20101",
      "Name": [
        {
          "Label": "Account information redirect + Transaction date filter",
          "Language": "en"
        }
      ],
      "Country": "XX",
      "CategoryLabel": [
        "Retail"
      ],
      "Details": [
        {
          "Api": "POST /psus/{psuId}/aspsps/{aspspId}/consents/{consentId}/identification",
          "Fieldname": "preferredScaMethod",
          "Type": "SUPPORTED",
          "Value": "REDIRECT",
          "ProtocolVersion": "BG_V_1_3_6"
        }
      ],
      "Options": [],
      "BIC": "XXAIS001"
    },
    {
      "AspspId": "20116",
      "Name": [
        {
          "Label": "Account information redirect + Transaction datetime filter",
          "Language": "en"
        }
      ],
      "Country": "XX",
      "CategoryLabel": [],
      "Details": [
        {
          "Api": "POST /psus/{psuId}/aspsps/{aspspId}/consents/{consentId}/identification",
          "Fieldname": "preferredScaMethod",
          "Type": "SUPPORTED",
          "Value": "REDIRECT",
          "ProtocolVersion": "STET_V_1_4_2_1_7"
        }
      ],
      "Options": [],
      "BIC": "XXAIS001"
    },
    {
      "AspspId": "20102",
      "Name": [
        {
          "Label": "Account information redirect + Download transactions",
          "Language": "en"
        }
      ],
      "Country": "FR",
      "CategoryLabel": [
        "Retail"
      ],
      "Details": [
        {
          "Api": "POST /psus/{psuId}/aspsps/{aspspId}/consents/{consentId}/identification",
          "Fieldname": "preferredScaMethod",
          "Type": "SUPPORTED",
          "Value": "REDIRECT",
          "ProtocolVersion": "BG_V_1_3_6"
        }
      ],
      "Options": [],
      "BIC": "XXAIS001"
    }
  ]
}

Response - Details section

The Details section in the reach directory response consists of the following fields:

  • Api - information on specific endpoints supported or not supported by the bank.
  • FieldName - name of a header or a body field.
  • Type - restriction of the API endpoint or API field.
  • Value - list of supported field values separated by ‘|’.
  • ProtocolVersion -  API version used by the bank. Can be ignored.

If there is no FieldName, the Type describes whether this endpoint is available (SUPPORTED) or not (UNSUPPORTED):

TypeAPI endpoint support
UNSUPPORTEDThe mentioned Api is not supported by account holder's bank, you will receive an error if it’s used.
SUPPORTED

The mentioned Api is supported by account holder's bank. 

If POST is supported, the corresponding API methods (GET, PUT, DELETE) are also supported, if defined in the swagger.

If the FieldName is given, the Type is describing whether the field is UNSUPPORTED, SUPPORTED, MANDATORY or FORBIDDEN. The table below specifies the rules for the Type-FieldName combination:

Type FieldName restrictions
UNSUPPORTEDThe FieldName  is not supported. If mentioned FieldName is provided in request,  you will receive an error.
SUPPORTEDThe field mentioned in FieldName is supported and you need to use one of the values provided in the Value field. If you won't provide a specific value in the request, a default value will be used. If an unsupported value is used, you will receive an error.
MANDATORYThe mentioned FieldName is mandatory and has to be filled with one of the values in the Value field. In case Value field does not contain specific value, you can use any value. If you won't provide a specific value in the request or use an unsupported value, you will receive an error.
FORBIDDENThe mentioned FieldName is forbidden. If used, you will receive an error.

Example 1 - Api without FieldName 

An example for API endpoint without the FieldName is the pre-authentication API. For most banks, a pre-authentication is not supported. For those banks where a pre-authentication is possible there is a record in the Details section:

"Api": "POST /psus/{psuId}/Aspsps/{aspspId}/pre-authentication",
"Type": "SUPPORTED",
"ProtocolVersion": "BG_V_1_3_0"

Example 2 - Api combined with FieldName

The example below indicates that from the 'preferredScaMethod' enumeration only the value 'REDIRECT' can be used.


"Api": "POST /psus/{psuId}/aspsps/{aspspId}/consents",
"Fieldname": "preferredScaMethod",
"Type": "SUPPORTED",
"Value": "REDIRECT",
"ProtocolVersion": "STET_V_1_4_2_1_7"

Response - Options section

The Options section provides information regarding the way of using API endpoints for specific bank similar to the Details section. But the information given here is not that specifically related a single API endpoint. It is more to be seen as a parameter for the bank.

Since the Options are not defined for a single endpoint there is no Api attribute given for the single options. Instead they have two keys (Key1 and Key2) identifying the use of the single Option. An example:

"Key1": "PREAUTH_MANDATORY",
"Value": "1",
"Level": "INFORMATIONAL"

In this case for the given bank pre-authentication is mandatory because the value is set to 1. The setting of 1 is reflecting that the option is set. A list of possible option keys is given below. The Key2 is currently not used. It is foreseen to allow definition of grouped options having the same main key Key1 and a different sub-key key2. An example for options provided in the Reach API is shown below:

Key1Key2ValueLevelDescription
PREAUTH_MANDATORY 1, 0INFORMATIONAL

The pre-authentication (regardless whether being done implicitly or explicitly) is mandatory.

Default 0

PREAUTH_EXPLICIT_REQUIRED 1, 0CRITICALPre-authentication has to be done explicitly by the POST pre-authentication endpoint.

 

Enable "on this page" menu on doc section
On
Subscribe to