Austria

Austria

Image Description
Enable "on this page" menu on doc section
On

Supported Countries

Supported Countries

 

We support payments and account data in 20 countries, 

covering at least 80% of payment accounts in each.

 

We are continually expanding our reach and updating our list.  

If you're interested in a specific country or bank not listed,  

please reach out to us - we're here to help!

 

As a registered user, you can jump straight to the country pages and 

check out the list of banks from which you can initiate payments or

retrieve data using our Open Banking products.

 

Not signed up yet? Just register here!

Map Image
 
Austria
 
France
 
Poland
 
Belgium
 
Germany
 
Romania
 
Bulgaria
 
Hungary
 
Slovakia
 
Croatia
 
Italy
 
Slovenia
 
Czech Republic
 
Luxembourg
 
Spain
 
Denmark
 
Netherlands
 
Sweden
 
Finland
 
Norway
 
Enable "on this page" menu on doc section
On

REST API V2 - 2.28.0

REST API V2 - 2.28.0

Version 2.27.0 to 2.28.0

What's New

No API added.

What's Changed

POST /issuers/{issuerId}/cards/declare-counterfeit-card
Request body :
  • Deleted property reasonCode (string)
  • Deleted property responseCode (string)
GET /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}
Response:
  • Changed property data (object Account)
    • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/accounts/{accountReference}
Response:
  • Changed property data (object Account)
    • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/contracts/external-contracts/{issuerContractExternalReference}/accounts
Response:
  • Changed property data (array)
    • Changed items (object Account)
      • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/contracts/{contractReference}/accounts
Response:
  • Changed property data (array)
    • Changed items (object Account)
      • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/customers/external-customers/{issuerCustomerExternalReference}/accounts
Response:
  • Changed property data (array)
    • Changed items (object Account)
      • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/customers/{customerReference}/accounts
Response:
  • Changed property data (array)
    • Changed items (object Account)
      • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}/contract
Response:
  • Changed property data (object Contract)
    • Changed property accounts (array)
      • Changed items (object Account)
        • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}/corporate-contract
Response:
  • Changed property data (object Contract)
    • Changed property accounts (array)
      • Changed items (object Account)
        • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/accounts/{accountReference}/contract
Response:
  • Changed property data (object Contract)
    • Changed property accounts (array)
      • Changed items (object Account)
        • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/accounts/{accountReference}/corporate-contract
Response:
  • Changed property data (object Contract)
    • Changed property accounts (array)
      • Changed items (object Account)
        • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/card-contracts/external-card-contracts/{issuerCardContractExternalReference}/contract
Response:
  • Changed property data (object Contract)
    • Changed property accounts (array)
      • Changed items (object Account)
        • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/card-contracts/{cardContractReference}/contract
Response:
  • Changed property data (object Contract)
    • Changed property accounts (array)
      • Changed items (object Account)
        • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/corporate-contracts/{contractReference}/corporate-employee-accounts/{accountReference}
Response:
  • Changed property data (object CorporateEmployeeAccount)
    • Changed property account (object Account)
      • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/corporate-contracts/{contractReference}/corporate-employee-accounts/external-accounts/{issuerAccountExternalReference}
Response:
  • Changed property data (object CorporateEmployeeAccount)
    • Changed property account (object Account)
      • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/corporate-contracts/external-contracts/{issuerContractExternalReference}/corporate-employee-accounts/external-accounts/{issuerAccountExternalReference}
Response:
  • Changed property data (object CorporateEmployeeAccount)
    • Changed property account (object Account)
      • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/corporate-contracts/external-contracts/{issuerContractExternalReference}/corporate-employee-accounts/{accountReference}
Response:
  • Changed property data (object CorporateEmployeeAccount)
    • Changed property account (object Account)
      • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/contracts/external-contracts/{issuerContractExternalReference}
Response:
  • Changed property data (object Contract)
    • Changed property accounts (array)
      • Changed items (object Account)
        • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/contracts/{contractReference}
Response:
  • Changed property data (object Contract)
    • Changed property accounts (array)
      • Changed items (object Account)
        • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/card-contracts/external-card-contracts/{issuerCardContractExternalReference}/corporate-contract
Response:
  • Changed property data (object CorporateContract)
    • Changed property rootAccount (object Account)
      • Deleted property externalAuthorizationsRestrictions (array)
    • Changed property corporateContractEntities (array)
      • Changed items (object CorporateContractEntity)
        • Changed property account (object Account)
          • Deleted property externalAuthorizationsRestrictions (array)
    • Changed property corporateEmployeeAccounts (array)
      • Changed items (object CorporateEmployeeAccount)
        • Changed property account (object Account)
          • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/card-contracts/{cardContractReference}/corporate-contract
Response:
  • Changed property data (object CorporateContract)
    • Changed property rootAccount (object Account)
      • Deleted property externalAuthorizationsRestrictions (array)
    • Changed property corporateContractEntities (array)
      • Changed items (object CorporateContractEntity)
        • Changed property account (object Account)
          • Deleted property externalAuthorizationsRestrictions (array)
    • Changed property corporateEmployeeAccounts (array)
      • Changed items (object CorporateEmployeeAccount)
        • Changed property account (object Account)
          • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/corporate-contracts/{contractReference}
Response:
  • Changed property data (object CorporateContract)
    • Changed property rootAccount (object Account)
      • Deleted property externalAuthorizationsRestrictions (array)
    • Changed property corporateContractEntities (array)
      • Changed items (object CorporateContractEntity)
        • Changed property account (object Account)
          • Deleted property externalAuthorizationsRestrictions (array)
    • Changed property corporateEmployeeAccounts (array)
      • Changed items (object CorporateEmployeeAccount)
        • Changed property account (object Account)
          • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/corporate-contracts/external-contracts/{issuerContractExternalReference}
Response:
  • Changed property data (object CorporateContract)
    • Changed property rootAccount (object Account)
      • Deleted property externalAuthorizationsRestrictions (array)
    • Changed property corporateContractEntities (array)
      • Changed items (object CorporateContractEntity)
        • Changed property account (object Account)
          • Deleted property externalAuthorizationsRestrictions (array)
    • Changed property corporateEmployeeAccounts (array)
      • Changed items (object CorporateEmployeeAccount)
        • Changed property account (object Account)
          • Deleted property externalAuthorizationsRestrictions (array)
POST /search-contracts
Response:
  • Changed property data (array)
    • Changed items (object Contract)
      • Changed property accounts (array)
        • Changed items (object Account)
          • Deleted property externalAuthorizationsRestrictions (array)
POST /issuers/{issuerId}/contracts/search
Response:
  • Changed property data (array)
    • Changed items (object Contract)
      • Changed property accounts (array)
        • Changed items (object Account)
          • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/customers/external-customers/{issuerCustomerExternalReference}/contracts
Response:
  • Changed property data (array)
    • Changed items (object Contract)
      • Changed property accounts (array)
        • Changed items (object Account)
          • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/customers/{customerReference}/contracts
Response:
  • Changed property data (array)
    • Changed items (object Contract)
      • Changed property accounts (array)
        • Changed items (object Account)
          • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/companies/{customerReference}/corporate-contracts
Response:
  • Changed property data (array)
    • Changed items (object CorporateContract)
      • Changed property rootAccount (object Account)
        • Deleted property externalAuthorizationsRestrictions (array)
      • Changed property corporateContractEntities (array)
        • Changed items (object CorporateContractEntity)
          • Changed property account (object Account)
            • Deleted property externalAuthorizationsRestrictions (array)
      • Changed property corporateEmployeeAccounts (array)
        • Changed items (object CorporateEmployeeAccount)
          • Changed property account (object Account)
            • Deleted property externalAuthorizationsRestrictions (array)
GET /issuers/{issuerId}/companies/external-customers/{issuerCustomerExternalReference}/corporate-contracts
Response:
  • Changed property data (array)
    • Changed items (object CorporateContract)
      • Changed property rootAccount (object Account)
        • Deleted property externalAuthorizationsRestrictions (array)
      • Changed property corporateContractEntities (array)
        • Changed items (object CorporateContractEntity)
          • Changed property account (object Account)
            • Deleted property externalAuthorizationsRestrictions (array)
      • Changed property corporateEmployeeAccounts (array)
        • Changed items (object CorporateEmployeeAccount)
          • Changed property account (object Account)
            • Deleted property externalAuthorizationsRestrictions (array)
POST /search-corporate-contracts
Response:
  • Changed property data (array)
    • Changed items (object CorporateContract)
      • Changed property rootAccount (object Account)
        • Deleted property externalAuthorizationsRestrictions (array)
      • Changed property corporateContractEntities (array)
        • Changed items (object CorporateContractEntity)
          • Changed property account (object Account)
            • Deleted property externalAuthorizationsRestrictions (array)
      • Changed property corporateEmployeeAccounts (array)
        • Changed items (object CorporateEmployeeAccount)
          • Changed property account (object Account)
            • Deleted property externalAuthorizationsRestrictions (array)
 

What's Deleted

No API deleted.

Enable "on this page" menu on doc section
On

Getting Started with FIDO Server by Worldline

Prerequisites​

You need to keep your client_id and secret_id that was sent to you by mail.

If you lost your secret_id, please contact us to generate a new one for you.

There is two types of credentials with different scope. The firsts credentials you received are for the administrative scope, to manage your relying parties servers. You have to use these firsts credentials to create a relying party via API, and in response you will received second credentials related to your relying party with "service" scope that will enable you to configure it and handle your users via API. 

These credentials are needed for all interactions with the Fido Server by Worldline.

You also need the audience to access generate bearer tokens.

OAuth2 Server URL  : https://access.fido.worldline-solutions.com

Audience : https://my-wafl-api-gateway-6glqflxv.ew.gateway.dev  - to update 

API access and authentication

The FIDO Server by Worldline (also called WAFL Server) API uses the OAuth Client Credentials Flow to authenticate API calls.


Request tokens

Example using curl
curl --request POST \
    --url 'https://access.fido.dev.worldline-solutions.com/oauth2/token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --header 'Authorization: Basic Base64Encode(concat('client_id', ':', 'client_secret'))' \
    --data 'grant_type=client_credentials' \
    --data 'audience=https://my-wafl-api-gateway-206w9c7e.ew.gateway.dev'
Parameters
  • grant_type : set this to your "client_credentials"
  • audience : the audiance for the token (see the prerequisites)
Response

If all goes well, you'll receive an HTTP 200 response with a payload containing access_token, and expires_in values:

{
  "access_token": "eyJz93a...k4laUWw",
  "expires_in": 3600
}
Access token lifetime

The lifetime of a token is set to 3600 seconds

Use the Worldline FIDO Server APIs

Declare your relying party server

Once you received your credentials by mail with the "admin" scope, you can declare your relying party server with the admin/relying-parties API, where you give the name of your relying party, and get the credentials with the "service" scope that you can configure in your relying party server to use the FIDO authentication service.

You also have to declare the origins of your relying party application with the admin/relying-parties/{id}/origins API.

Enable your users to register

You can use our Browser SDK to facilitate the integration of FIDO protocol into your web application and use the browser APIs.

The registration is a two steps action as it contains an initiation step to generate the challenge that will be used by the authenticator for cryptographic operations.

In the initiation step your relying party gives information about the registration like the username, friendlyName and authenticator properties. The Worldline FIDO server respond with a challenge to give to the authenticator.

The attestationBlob, response of the authenticator, is passed through the finalization step so that the Fido server complete the registration.   

Enable your users to authenticate

The authentication is also a two steps action as it contains an initiation step to generate the challenge that will be used by the authenticator for cryptographic operations.

The initiation step is where your relying party informs the server for which user you want to do an authentication. The response contains the challenge on which the authenticator will have to make cryptographic operations.

The result of these operations is passed through the finalization step in the assertionBlob where the Fido Server will do the authentication. 

Manage your users

Once your users are registered, you can list their authenticators, update the friendlyName of an authenticator (for the user to better identify his authenticator) and delete them via the /users APIs.

Enable "on this page" menu on doc section
On

Transactions

Transactions

Retrieve Transaction Details

The API allows the transaction details to be retrieved.

The main input fields are:

  • The issuer ID
  • The transaction for which the detail is requested: It is provided by using the transaction Id.

It is also possible to request some additional data relative to addendum (to retrieve lodging information, car rental information, air itinerary information) by using the embedded fields.

In return, the interface provides the generic information (mainly master data) relevant to the transaction.

API links

GET /api/v2/issuers/{issuerId}/transactions/{transactionId}

Search Transactions (Global)

The API provides possibility to retrieve a list of transactions (original first presentments received from the card schemes), based on certain criteria.

At least one of the following criteria for searching must be provided:

  • PAN
  • PAN token
  • Transaction identifier
  • Acquirer reference number
  • Virtual Service Card Number
  • Card Identifier
  • Account Identifier

If requested, the API allows also to:

  • search from an issuer and optionally with sub-issuers OR search from a list of issuers (by default, the search is performed on all issuers allowed for the user depending on its rights)
  • return only certain transactions (disputed transactions, fraudulent transactions)
  • request to enrich the response with additional data relative to addendum (to retrieve lodging information, car rental information, air itinerary information) by using embedded fields

The API response contains all matched transactions sorted by descending transaction date.

API links

POST /api/v2/search-transactions

Enable "on this page" menu on doc section
On

Data Export

Data Export

API Reference

Data export solution description

The data export solution is a new external Push Service totally independent from the existing scoring notification request, containing a maximum of information of the transaction and the authentication process.

The platform HUB purposes two kinds connectivity with banks for this purpose.

  • The data are sent by Webservice to API REST bank Server end-point

or

  • The data are sent by file to bank file Server

Data export scheme

The data export solution defined is based on data conveyed in the AReq and RReq messages + Scoring and authentication process.

It takes advantage of the HUB to provide the necessary available data from those messages.

The HUB is the key module to collect and to treat those data as it is the central module involved in the 3DS authentication process. 

The messages contain most of the relevant information needed to get the context of a transaction and to provide enough information to consolidate and refine the authorization process.

Workflow of the process:

  • The HUB collect data from Areq and Rreq messages.
  • The datas are encrypted and sent through messages to the transaction export gateway.
  • The data are sent through a specific gateway to the IS bank according to the selected option (batch file or real time).

Real-time push option

With this solution, bank will be able to receive the data just after the authentication transaction ending (after RReq/RRes message).

The data are pushed to bank through a dedicated Webservice API.

The data will be sent on a REST JSON format. The Web Services will be transmitted in HTTPS - TLS 1.2 and will be configured on the Worldline PCI-DSS Proxy as followed:

  • By default on internet with a mandatory mutualized authentication
  • If asked by the bank, on a VPN or LS

A rate limiter is defined (max TPS) on the HUB push platform and must be configured depending on Issuer Bank transaction volume and IS Bank Server capacity.

If the HUB cannot reach the bank Webservice, a retry process is forecasted. This retry flow is ordered by a FIFO rule.

Two kind of errors are defined, some are due to context and triggers a retry attempt, some are due to data or configuration error and will no triggered any retry. Cf. 3.5.1.2

The retention of data is fixed for a 4 days period. During this time laps the transactions are systematically pushed to the bank until the bank module responds.

After 4 days, the transaction and data not transmitted are deleted from the queue.

Batch file option

With this solution, bank will receive the data through a file.

The file will be generated with a frequency of at least 2 files per day (one per site).

A ‘pull’ or ‘push’ process could be implemented to share the files with IS Bank.

A file system solution will allow Worldline to keep the file during 2 weeks. After this period, the files will be deleted.

The data will be sent on a JSON format through the PCI-DSS gateway on sFTP or PESIT SSL. File could be encrypted in GPG or SMIME.

Enable "on this page" menu on doc section
On
Subscribe to