NAV Navbar
Short white logo

Getting Started

Definitions

Term Definition
AISP Account Information Service Provider. A Client application that allows a Customer to list account and holder information.
Client A 3rd party financial application.
Connector Proxy interface before Provider’s API.
Customer A bank account holder.
PISP Payment Initiation Service Provider. A Client application that allows a Customer to initiate payments on their behalf.
PIISP Payment Issuer Instrument Service Provider. A Client application that checks coverage of a payment by Customer’s account.
Provider Any registered bank or financial institution.
Session Any activity that is forwarded by Priora to Connector on behalf of a Customer.
Scopes A set of permissions granted to a Client application.
TPP Unregulated Third Party Provider.

Registration

The process of client registration is as easy as navigating to Client registration page and filling in your Client’s(Company’s) name, administrator’s email, and a password.

Client configuration & API keys

Any client may have any number of Client Applications, them being essentially API keys(ID and secret). These applications serve to identify a specific Client configuration. For example, say we have a company X that identifies itself as a PFM. Suppose it targets mobile devices(iOS, Android) and web browsers, thus they would have to configure three client applications, one for Apple devices, another for Android devices, and one for web browsers. Or maybe Company X needs to test their new features within staging environment first, then it would be convenient to configure another client application for these purposes.

But before managing API keys it is wise to configure the Client itself. In order to do this, navigate to Client Settings. In details tab you may modify your Client’s name and email, as well as select permissions with which you wish to operate by specifying scopes(please note that you may specify scopes for every API key pair separately, however they cannot exceed the limits you specify in Client’s scopes). You must also specify the role of your client, it may be chosen from predefined roles.

Client details

In order to be able to go Live, your client has to supply its eIDAS public key. This can be done by accessing Security tab and pasting in the public key.

Security

Now back to managing API keys. The very first test application will be created for you during the Client registration process. To configure it navigate to applications page.

Applications

Proceed by selecting Test application.

Client Application details

On the page presented above you may change application’s name, regenerate application secret, pick the scopes that your application will support, and set up callback(also doubles as redirect URL) URL for updates from Priora as well as select the role of your application. In order for your Client to go live, you must have configured at least one client application.

Using the API

Postman collection

You can try out the API using postman collection, but it’s important to read this documentation before, in order to have a graveful start.

Request signature

Priora public key

  

Almost all requests(with a few exceptions) must be signed. Priora implements request signature verification via Authorization headers. These must contain grant type Bearer followed by a JSON Web Token. A payload should be generated on a per request basis and should include exp and data claims, the former being expiration time and the latter being a JSON object including all relevant parameters for a request, if there are no such parameters it should be left empty. This payload should then be encoded into a JWT via RS256 algorithm using Client application’s private key.

Scopes

Scopes are permissions granted to access tokens.

Scope Description
accounts Required for accessing Customer account list and account data.
funds_availability Required for checking whether Customer’s account has enough funds to carry out a specific payment. Required by PIISP Clients.
transactions Required for accessing Customer transactions under specific accounts, therefore best be used along accounts scope.
kyc Required for accessing account holder information.
payments Required for accessing Customer payment accounts as well as for payment initiation.

Roles

Roles are used to identify which API is suitable for specific client applications.

Role Description
Regulated This role grants access to V2 API which is reserved for regulated entities, such as AISP or PISP.
Third party This role grants access to TPP API (via OAuth) which is reserved for non regulated Third Party Providers.

Events

Events are phases of session and payment life cycles.

Event Description
processing Request to push session/payment into the next phase has been received by Priora and is undergoing processing.
redirect The customer is being redirected to a provider page in order to perform authentication.
waiting_confirmation Session/payment is waiting for an interactive step outside of Client application or Priora(outside the current page).
waiting_confirmation_code Session/payment is waiting for an interactive step within client application or Priora(on the current page).
fetched_accounts Account information has been fetched from the bank and can be requested.
fetched_transactions Transaction information has been fetched from the bank and can be requested.
fetched_kyc Holder information has been fetched from the bank and can be requested.
closed Session/payment has been closed. To know whether it was a success or a failure, peer into success_at/fail_at fields from the response.

Become a TPP

Register TPP

Verb and Path

POST /api/v2/tpp/register

Headers

Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RSA256 and certificate’s private_key.

Example of unpacked Authorization header

{
  "data": {
    "company": {
      "name": "Some Name",
      "email": "incident@email.com",
      "address":  "Adress street 34",
      "city": "Bucuresti",
      "zip_code": "546",
      "phone_number": "+12312312313"
    },
    "representative": {
      "name": "Jonh Dow",
      "email": "john.smith@email.com"
    },
    "certificate": {
      "type": "qseal",
      "name": "My Main Certificate",
      "pem": "-----BEGIN CERTIFICATE-----
        MIIDjzCCAncCAQAwDQYJKoZIhvcNAQELBQAwWzEXMBUGA1UEYQwOVHBwU2FsdFRlc3QwMDAxIDAeBgNVBAMMF2NlcnRTSU
        dOU0FMVFRFU1QgV2ViIENBMREwDwYDVQQKDAhTYWx0VGVzdDELMAkGA1UEBhMCUk8wHhcNMTkwNTIxMTMxNDA1WhcNMjEw
        NTIwMTMxNDA1WjBbMRcwFQYDVQRhDA5UcHBTYWx0VGVzdDAwMDEgMB4GA1UEAwwXY2VydFNJR05TQUxUVEVTVCBXZWIgQ0
        ExETAPBgNVBAoMCFNhbHRUZXN0MQswCQYDVQQGEwJSTzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgW4J9+
        HFcLQUpLI4sZBJnQhgQaJXDlpT285le8eDq7TjZgazKqM9FBrw4AEDqRlXGvgwinJF620wuIq+7pjOXPPw+Y9XQBpSkjur
        byhJOf8b6UjLPLBuAwOkFNv7JklwKyqfk4GG4Ngk8dUa1cKNLcX377pvz4CHYjPkhiKcLjARxLTIbGmz9YAT/Ak3l7BFDd
        Wj0BrkGjWdFzRVWqctp465oXFWe6wBirlJe+RDghgAdTAiPGRwXuxvdbInR8vvoDI52GEushFYCYwo3uaUITygxNdBrZ5N
        iZKh+rn5U5n33JDNoNWhBUE01L/hV3PyexpJTymiDP6SPRJ3FLGtkCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
        HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCqT38tfUQATyq727DEbVt8hiDH6MB8GA1UdIwQYMBaAFCqT38tfUQATyq727DEbVt
        8hiDH6MA0GCSqGSIb3DQEBCwUAA4IBAQBcUjn9zwH3ViBqBvgVim9HIIF7Jv9JSS1bSPqjcbWWJluHWuhkfgLBU52JIu0F
        LHiP9JlUHPnKliUgSFXZJCJ5e+0+YKWJALdsdO9kdn0ezmihDVXLde2RF0PKIuGmTK+C0O3DmOzOZz4I/vtaRFZVp3msTg
        k79SnXI/OIX5vxP+kdZYUGt/GV1J+kO7oGcGZWiqDd+8g3VlOLVChVbnhJc8rnsnDTGK8Gjlindom1D0Zq4LLuQp4yGY8B
        39RF9w5vNWl5TxhuSk/IZ2nv0pexgVhh278LXvto8AZAifLaDOsrhrmzel13IjtuKKmNIIdr9/a+yrf+CVIRJhl+xn
        -----END CERTIFICATE-----"
    }
  },
  "exp": 1560247619
}

Register new certificate

Verb and Path

POST /api/v2/tpp/certificates

Headers

Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application certificate’s private_key.
App-Id string, required Application ID.
App-Secret string, required Application Secret.

Example of unpacked Authorization header

{
  "data": {
    "certificate": {
      "type": "qseal",
      "name": "My Main Certificate",
      "pem": "-----BEGIN CERTIFICATE-----
        MIIDjzCCAncCAQAwDQYJKoZIhvcNAQELBQAwWzEXMBUGA1UEYQwOVHBwU2FsdFRlc3QwMDAxIDAeBgNVBAMMF2NlcnRTSU
        dOU0FMVFRFU1QgV2ViIENBMREwDwYDVQQKDAhTYWx0VGVzdDELMAkGA1UEBhMCUk8wHhcNMTkwNTIxMTMxNDA1WhcNMjEw
        NTIwMTMxNDA1WjBbMRcwFQYDVQRhDA5UcHBTYWx0VGVzdDAwMDEgMB4GA1UEAwwXY2VydFNJR05TQUxUVEVTVCBXZWIgQ0
        ExETAPBgNVBAoMCFNhbHRUZXN0MQswCQYDVQQGEwJSTzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgW4J9+
        HFcLQUpLI4sZBJnQhgQaJXDlpT285le8eDq7TjZgazKqM9FBrw4AEDqRlXGvgwinJF620wuIq+7pjOXPPw+Y9XQBpSkjur
        byhJOf8b6UjLPLBuAwOkFNv7JklwKyqfk4GG4Ngk8dUa1cKNLcX377pvz4CHYjPkhiKcLjARxLTIbGmz9YAT/Ak3l7BFDd
        Wj0BrkGjWdFzRVWqctp465oXFWe6wBirlJe+RDghgAdTAiPGRwXuxvdbInR8vvoDI52GEushFYCYwo3uaUITygxNdBrZ5N
        iZKh+rn5U5n33JDNoNWhBUE01L/hV3PyexpJTymiDP6SPRJ3FLGtkCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
        HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCqT38tfUQATyq727DEbVt8hiDH6MB8GA1UdIwQYMBaAFCqT38tfUQATyq727DEbVt
        8hiDH6MA0GCSqGSIb3DQEBCwUAA4IBAQBcUjn9zwH3ViBqBvgVim9HIIF7Jv9JSS1bSPqjcbWWJluHWuhkfgLBU52JIu0F
        LHiP9JlUHPnKliUgSFXZJCJ5e+0+YKWJALdsdO9kdn0ezmihDVXLde2RF0PKIuGmTK+C0O3DmOzOZz4I/vtaRFZVp3msTg
        k79SnXI/OIX5vxP+kdZYUGt/GV1J+kO7oGcGZWiqDd+8g3VlOLVChVbnhJc8rnsnDTGK8Gjlindom1D0Zq4LLuQp4yGY8B
        39RF9w5vNWl5TxhuSk/IZ2nv0pexgVhh278LXvto8AZAifLaDOsrhrmzel13IjtuKKmNIIdr9/a+yrf+CVIRJhl+xn
        -----END CERTIFICATE-----"
    }
  },
  "exp": 1560247619
}

Callbacks

Sample Payload with session identifier

{
  "data": {
    "session": {
      "id": "79",
      "secret": "8ee0cb1722615ebe_1510819559"
    }
  }
}

Sample Payload with payment identifier

{
  "data": {
    "session": {
      "id": "79",
      "secret": "8ee0cb1722615ebe_1510819559"
    },
    "payment": {
      "id": "31"
    }
  }
}

For all asynchronous actions, such as authorizing an access token, creating a payment or refreshing account information Priora will send a callback to your Client Application. The callback will be delivered to callback URL which can be configured in the Applications section of your dashboard.

Each callback will include an Authorization header that will consist of grant type Bearer followed by a JSON Web Token signed using Priora public key and RS256 algorithm. When decoded, this JWT will include exp and data claims. All relevant information will be wrapped into data claim.

The payload contains the session information (id and secret). Additionally, during the payment flow it will contain the payment information (id). Please see the example payload at the right.

Errors

Sample error response

{
  "error_class": "ClientNotFound",
  "error_message": "Client with id: '1' was not found."
}

In case a request fails a response containing error_class and error_message will be returned.

Error Description
AccessTokenMissing Access token header is missing.
AccountNotFound Account with id: ‘value’ was not found.
AuthorizationMissing Authorization header is missing.
AuthorizationTypeNotFound AuthorizationType ‘value’ was not found.
ClientNotFound Client with id: ‘value’ was not found.
EncodingInvalid Encoding is invalid.
InternalServerError Internal server error.
JWTClaimMissing Request is missing jwt claim: ‘attribute
JWTDecodeError A error happened while decoding request’s signature
JWTExpiredSignature Signature has expired
JWTIncorrectAlgorithm JWT signed using wrong algorithm
JWTVerificationError JWT signature verification failed
OauthAppNotFound OauthApp with app_id: ‘value’ was not found.
PaymentNotFound Payment with id: ‘value’ was not found.
ProviderNotFound Provider with id: ‘value’ was not found.
PublicKeyInvalid Public key is invalid.
RefreshTokenMissing Refresh token header is missing.
RequestFormatInvalid Wrong request format.
RouteNotFound Route ‘endpoint’ was not found.
ScopesInvalid Scopes are invalid.
SessionClosed Session has been closed at time with status: ‘status’.
SessionExpired Session with id: ‘value’ has expired.
SessionNotFound Session with id: ‘value’ was not found
TemplateNotFound Template with id: ‘value’ was not found.
TokenExpired Token with access_token: ‘value’ has expired.
TokenNotFound Token with access_token: ‘value’ was not found.
TokenRevoked Token with access_token: ‘value’ has been revoked.
Unauthorized Unauthorized.
ValueOutOfRange Value is out of range.
WrongRequiredFields Authorization_type ‘%{value}’ with required_fields: [%{attribute}] was not found.

Accounts

Account Extra

Attribute Type Description
status string, optional Account state.
credit_limit string, optional Credit limit.

List all accounts

Returns all accounts belonging to a Customer and all relevant information about them. Accounts available for making payments will have “payment_account” set to true.

Verb and Path

GET /api/v2/accounts/all

Headers

Header Type Description
App-Id string, required Application ID.
App-Secret string, required Application Secret.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Access-Token string, required Token for which we are requesting info.
Client-Request-Id string, optional Request identifier, if present will be returned within meta field in response.

Required scopes

In order to call this endpoint access token should include at least accounts scope.

Response

{
  "data": [{
    "id": 1,
    "currency_code": "USD",
    "number": null,
    "balance": "10.0",
    "name": "Visa",
    "extra": { "credit_limit": "4500.0" },
    "nature": "account",
    "provider_account_id": "123",
    "created_at": "2017-11-15T15:37:15Z",
    "updated_at": "2017-11-15T15:37:15Z",
    "iban": "USD12312342",
    "sort_code": "USD12312342",
    "payment_account": true,
    "available_amount": "9.0"
  }],

  "meta": {
    "time": "2017-11-15T15:37:15Z",
    "version": "V2"
  }
}
Attribute Type Description
id integer Account identifier on Priora.
currency_code string Currency code in ISO 4217.
number string Account number identifier within Bank.
balance string Account balance.
name string Human readable account name.
extra object Any extra information related to an account that is deemed relevant.
nature string Account nature, may be one of the following: account, card, debit_card, credit_card, checking, savings, investment, bonus, loan, credit, insurance, ewallet, mortgage.
iban string International Bank Account Number.
provider_account_id string ID that uniquely identifies this account in provider’s system.
sort_code string Used to identify bank accounts in United Kingdom and Ireland.
payment_account boolean Specifies whether account can be used to initiate payments.
available_amount string Physically available funds.

Possible errors

List account transactions

Returns transactions for a specific account.

Verb and Path

GET /api/v2/accounts/:account_id/transactions

Params

Optionally, this endpoint may receive two parameters:

Parameter Description
per_page Number of transactions that should be returned per request or less.
from_id Return transactions starting with a specific id.

Headers

Header Type Description
App-Id string, required Application ID.
App-Secret string, required Application Secret.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Access-Token string, required Token, for which we are requesting info.
Client-Request-Id string, optional Request identifier, if present will be returned within meta field in response.

Required scopes

In order to call this endpoint access token should include at least transactions scope.

Response

{
  "data": [{
    "id": 2,
    "account_id": 2,
    "currency_code": "MDL",
    "amount": "123.4521",
    "description": "Description here",
    "extra": {
      "mcc": 9999
    },
    "fees": {},
    "made_on": "2017-11-15",
    "status": "posted",
    "category": "shopping",
    "provider_transaction_id": "123",
    "created_at": "2017-11-15T15:44:28Z",
    "updated_at": "2017-11-15T15:44:28Z"
  }],
  "meta": {
    "time": "2017-11-15T15:44:28Z",
    "version": "V2",
    "next_id": 3
  }
}
Attribute Type Description
id integer Transaction identifier on Priora.
account_id integer Account identifier on Priora.
currency_code string Transaction currency code in ISO 4217.
amount string Transaction amount.
description string Transaction description.
extra object Any extra information related to a transaction that is deemed relevant.
fees object All fees applied to given transaction.
made_on string Date on which transaction has been carried out.
status string Transaction status.
category string Transaction category.
provider_transaction_id string ID that uniquely identifies this transaction in provider’s system.

Possible errors

Fetch holder information (KYC)

Returns holder information that belongs to a Customer.

Verb and Path

GET /api/v2/accounts/holder

Headers

Header Type Description
App-Id string, required Application ID.
App-Secret string, required Application Secret.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Access-Token string, required Token, for which we are requesting info.
Client-Request-Id string, optional Request identifier, if present will be returned within meta field in response.

Required scopes

In order to call this endpoint access token should include at least kyc scope.

Response

{
  "data": {
    "data": {
      "name": "John Smith",
      "email": "user@test.com",
      "phone": "xxx-xxx-5409",
      "address": "Faraway",
      "date_of_birth": "1985-12-12"
    }
  },
  "meta": {
    "time": "2017-11-15T15:51:06Z",
    "version": "V2"
  }
}
Attribute Type Description
data object “Know Your Customer” data.

Possible errors

List payment accounts

Returns accounts that are available for making payments and belong to a Customer.

Verb and Path

GET /api/v2/accounts/payment

Headers

Header Type Description
App-Id string, required Application ID.
App-Secret string, required Application Secret.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Access-Token string, required Token, for which we are requesting info.
Client-Request-Id string, optional Request identifier, if present will be returned within meta field in response.

Required scopes

In order to call this endpoint access token should include at least payments scope.

Response

{
  "data": [{
    "id": 4,
    "currency_code": "USD",
    "number": null,
    "name": "Visa",
    "nature": "account",
    "provider_account_id": "123",
    "created_at": "2017-11-15T15:54:01Z",
    "updated_at": "2017-11-15T15:54:01Z",
    "iban": "USD12312342",
    "sort_code": "USD12312342"
  }],

  "meta": {
    "time": "2017-11-15T15:54:01Z",
    "version": "V2"
  }
}
Attribute Type Description
id integer Account identifier on Priora.
currency_code string Currency code in ISO 4217.
number string Account number identifier within Bank.
name string Human readable account name.
provider_account_id string ID that uniquely identifies this account in provider’s system.
nature string Account nature, may be one of the following: account, card, debit_card, credit_card, checking, savings, investment, bonus, loan, credit, insurance, ewallet, mortgage.
iban string International Bank Account Number.
sort_code string Used to identify bank accounts in United Kingdom and Ireland.

Possible errors

Refresh accounts

Refresh accounts that belong to a Customer. This endpoint sends a callback upon completion.

Verb and Path

PUT /api/v2/accounts

Headers

Header Type Description
App-Id string, required Application ID.
App-Secret string, required Application Secret.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Access-Token string, required Token for which we are requesting info.
Client-Request-Id string, optional Request identifier, if present will be returned within meta field in response.

Required scopes

In order to call this endpoint access token should include at least one of the following scopes: * accounts * transactions * kyc * payments

Response

{
  "data": {
    "session_secret": "8ee0cb1722615ebe_1510819559"
  },
  "meta": {
    "time": "2017-11-16T08:05:59Z",
    "version": "V2"
  }
}
Attribute Type Description
session_secret string Session identifier on Priora.

Possible errors

Payments

Payment Statuses

The current stage of a payment lifecycle is represented in status field. The status of a payment can be one of the following:

Name Description
processing Priora is processing the request or response.
redirect Provider requires a redirect for authentication.
waiting_confirmation Provider is waiting for the consent of Customer.
waiting_confirmation_code Provider is waiting for a confirmation code, be it OTP for authentication or Dynamic linking for performing a payment.
closed Session is closed.

Check funds

Check funds. This request will also create a session which will be returned in the response payload. During the lifecycle, events will be added to the session which will send callbacks to your application.

Vers and Path

POST /api/v2/payments/check_funds

Headers

Header Description Description
App-Id string, required Application ID.
App-Secret string, required Application Secret.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Access-Token string, required Token for which we are requesting info.

Required Scopes

In order to call this endpoint access token should include at least funds_availability scope.

Payload

{
  "data":
  {
    "amount": 54.77,
    "currency_code": "EUR",
    "account": "12345789"
  }
}
Attribute Type Description
amount integer, required Amount of prospective payment.
currency_code string, required Currency of prospective payment.
account string, required Account number used to identify the account for prospective payment.

Response

{
  "data": {
    "session_secret": "8c875940454223bd_1510906801"
  },
  "meta": {
    "time": "2017-11-17T08:28:23Z",
    "version": "V2"
  }
}
Attribute Type Description
session_secret string Session identifier on Priora.

Create payment

Create a payment. This request will also create a session which will be returned in the response payload. During the lifecycle, events will be added to the session which will send callbacks to your application.

Verb and Path

POST /api/v2/payments

Headers

Header Type Description
App-Id string, required Application ID.
App-Secret string, required Application Secret.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Access-Token string, required Token for which we are requesting info.
Client-Request-Id string, optional Request identifier, if present will be returned within meta field in response.

Required scopes

In order to call this endpoint access token should include at least payments scope.

Payload

{
  "data": {
    "payment_attributes": {
      "iban_from": "DE12345678123456781231",
      "iban_to": "DE12345678123456781231",
      "amount": "22",
      "currency_code": "USD",
      "description": "test",
      "information": ""
    },
    "template_id": "2",
    "provider_code": "demobank2",
    "redirect_url": "https://payment_confirmed.com",
    "extra": {},
    "force_sca": true // optional
  }
}
Attribute Type Description
payment_attributes object, required All attributes(required and optional) that are needed for a successful payment initiation.
template_id string, required Payment template identifier.
provider_code string, required Human readable Provider identifier.
redirect_url string, optional The URL that the customer will be redirected to after payment confirmation via redirect, if the provider initiates such a redirect.
extra object, optional Any data relevant to payment initiation process.
force_sca boolean, optional Whether to disregard exemptions and force SCA as a required step to process the payment.

Response

{
  "data": {
    "id": 29,
    "extra": {},
    "status": "initiated",
    "description": null,
    "total": null,
    "fees": {},
    "payment_attributes": {
      "iban_from": "DE12345678123456781231",
      "iban_to": "DE12345678123456781231",
      "amount": "22",
      "currency_code": "USD",
      "description": "test",
      "information": ""
    },
    "session": {
      "secret": "8c875940454223bd_1510906801",
      "status": "processing",
      "success_at": null,
      "expires_at": "2017-11-17T08:25:01Z",
      "fail_at": null,
      "fail_message": null
    },
    "created_at": "2017-11-17T08:20:01Z",
    "updated_at": "2017-11-17T08:20:01Z"
  },
  "meta": {
    "time": "2017-11-17T08:20:01Z",
    "version": "V2"
  }
}
Attribute Type Description
id integer Payment identifier on Priora.
extra object Extra data which was provided in the payment create request.
status string Payment status.
description string Short payment description.
total string Payment total.
fees object All fees applied to a payment.
payment_attributes object Attributes, based on which a payment has been initiated.
session object Session associated to a given payment.

Possible errors

Show payment

Returns current state of a payment.

Verb and Path

GET /api/v2/payments/:id

Headers

Header Type Description
App-Id string, required Application ID.
App-Secret string, required Application Secret.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Access-Token string, required Token for which we are requesting info.
Client-Request-Id string, optional Request identifier, if present will be returned within meta field in response.

Required scopes

In order to call this endpoint access token should include at least payments scope.

Response

{
  "data": {
    "id": 29,
    "extra": {},
    "status": "waiting_confirmation",
    "description": "sad",
    "total": "22.5573",
    "fees": [{
        "code": "operational",
        "amount": 0.2,
        "description": "Transfer fee.",
        "currency_code": "EUR"
      },
      {
        "code": "service",
        "amount": 0.3573,
        "description": "Service usage fee.",
        "currency_code": "EUR"
      }
    ],
    "payment_attributes": {
      "amount": "22",
      "iban_to": "DE12345678123456781231",
      "iban_from": "DE12345678123456781231",
      "description": "sad",
      "information": "",
      "currency_code": "USD"
    },
    "session": {
      "secret": "8c875940454223bd_1510906801",
      "status": "redirect",
      "success_at": null,
      "expires_at": "2017-11-17T08:25:01Z",
      "events": [{
        "name": "redirect",
        "extra": {
          "redirect_url": "https://url-for-payment-confirmation-redirect.com"
        }
      }],
      "fail_at": null,
      "fail_message": null
    },
    "created_at": "2017-11-17T08:20:01Z",
    "updated_at": "2017-11-17T08:20:01Z"
  },
  "meta": {
    "time": "2017-11-17T08:28:23Z",
    "version": "V2"
  }
}
Attribute Type Description
id integer Payment identifier on Priora.
extra object Extra data which was provided in the payment create request.
status string Payment status.
description string Short payment description.
total string Payment total.
fees object All fees applied to a payment.
payment_attributes object Attributes, based on which a payment has been initiated.
session object Session associated to a given payment.

Possible errors

Confirm payment

Process additional interactive steps in payment creation. During the lifecycle, events will be added to the session which will send callbacks to your application.

Verb and Path

PUT /api/v2/payments/:id

Headers

Header Type Description
App-Id string, required Application ID.
App-Secret string, required Application Secret.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Access-Token string, required Token for which we are requesting info.
Client-Request-Id string, optional Request identifier, if present will be returned within meta field in response.

Required scopes

In order to call this endpoint access token should include at least payments scope.

Payload

{
  "data": {
    "credentials": { "confirmation_code": ""}
  }
}
Attribute Type Description
credentials object, required Wrapper for confirmation code pair.

Response

{
  "data": {
    "id": 29,
    "extra": {},
    "status": "processing",
    "description": "sad",
    "total": "22.5573",
    "fees": [{
        "code": "operational",
        "amount": 0.2,
        "description": "Transfer fee.",
        "currency_code": "EUR"
      },
      {
        "code": "service",
        "amount": 0.3573,
        "description": "Service usage fee.",
        "currency_code": "EUR"
      }
    ],
    "payment_attributes": {
      "amount": "22",
      "iban_to": "DE12345678123456781231",
      "iban_from": "DE12345678123456781231",
      "description": "sad",
      "information": "",
      "currency_code": "USD"
    },
    "session": {
      "secret": "8c875940454223bd_1510906801",
      "status": "processing",
      "success_at": null,
      "expires_at": "2017-11-17T08:25:01Z",
      "fail_at": null,
      "fail_message": null
    },
    "created_at": "2017-11-17T08:20:01Z",
    "updated_at": "2017-11-17T08:20:01Z"
  },
  "meta": {
    "time": "2017-11-17T08:28:23Z",
    "version": "V2"
  }
}
Attribute Type Description
id integer Payment identifier on Priora.
extra object Extra data which was provided in the payment create request.
status string Payment status.
description string Short payment description.
total string Payment total.
fees object All fees applied to a payment.
payment_attributes object Attributes, based on which a payment has been initiated.
session object Session associated to a given payment.

Possible errors

Cancel payment

Cancel a specific payment.

Verb and Path

DELETE /api/v2/payments/:id

Headers

Header Type Description
App-Id string, required Application ID.
App-Secret string, required Application Secret.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Access-Token string, required Token for which we are requesting info.
Client-Request-Id string, optional Request identifier, if present will be returned within meta field in response.

Required scopes

In order to call this endpoint access token should include at least payments scope.

Response

{
  "data": {
    "payment_id": 29
  },
  "meta": {
    "time": "2017-11-17T08:28:23Z",
    "version": "V2"
  }
}
Attribute Type Description
payment_id integer Identifier of the payment that has been canceled.

Possible errors

Providers

List supported providers

Returns all supported providers.

Verb and Path

GET /api/v2/providers

Headers

Header Type Description
App-Id string, required Application ID
App-Secret string, required Application Secret
Client-Request-Id string, optional Request identifier, if present will be returned within meta field in response.

Params

Optionally, this endpoint may receive two parameters:

Parameter Type Description
per_page integer, optional Number of providers that should be returned per request or less.
from_id integer, optional Return providers starting with a specific id.

Response

{
  "data": [{
    "id": 2,
    "name": "Saltedge",
    "code": "code2",
    "connector_url": "http://example.com/login",
    "status": "pending",
    "scopes": ["accounts"],
    "created_at": "2017-11-16T15:19:18Z",
    "updated_at": "2017-11-16T15:19:18Z",
    "authorization_types": [{
      "code": "sample_auth2",
      "display_name": "Sample",
      "scopes": [],
      "instruction": "Use same credentials you are using to log in to your Internet banking.",
      "extra": {},
      "required_fields": [{
        "code": "req_field2",
        "display_name": "Required",
        "optional": false,
        "extra": {},
        "validations": [],
        "type": "text"
      }],
      "mfa_fields": [{
        "code": "mfa_field2",
        "display_name": "MFA",
        "optional": false,
        "extra": {},
        "validations": [],
        "type": "text"
      }]
    }]
  }],
  "meta": {
    "time": "2017-11-16T15:19:18Z",
    "version": "V2",
    "next_id": null
  }
}
Attribute Type Description
id integer Provider identifier on Priora.
name string Provider name.
code string Human readable identifier of provider.
connector_url string URL to Connector API layer implemented by provider.
status string Current status of provider.
scopes array Set of supported scopes.
authorization_types array Set of supported authorization types.

Authorization types

Authorization types are all supported ways of authorization(obtaining access token) by an individual Customer of a Bank(Provider). Each authorization type is a set of instructions describing how it should be rendered.

Attribute Type Description
code string Serves to identify any authorization type within the scope of a Provider on Priora.
display_name string Human readable name of given authorization type.
scopes array List of scopes(permissions) that can be obtained through specific authorization type.
instruction string Short instruction for the Customer.
extra object Any extra dara related to the authorization type.
required_fields array List of all required(first step) authorization fields and their description.
mfa_fields array List of all MFA(second+ step) authorization fields and their description.

Authorization fields

Authorization fields are building blocks for authorization types, they can be of two types: * required, meaning they are the first step of authorization; * MFA, meaning they are used in the second+ steps of authorization.

Attribute Type Description
code string Serves to identify any authorization field within the scope of an authorization type as well as name of the field that should be sent in authorization request.
display_name string Human readable authorization field name.
optional boolean States whether field can be skipped or not.
extra object Any date relevant to authorization field.
validations array List of validation for a specific authorization field.
type string Specifies what kind of input is given authorization field.

Possible errors

List provider templates

Returns provider’s templates.

Verb and Path

GET /api/v2/providers/:provider_code/templates

Headers

Header Type Description
App-Id string, required Application ID
App-Secret string, required Application Secret
Client-Request-Id string, optional Request identifier, if present will be returned within meta field in response.

Response

{
  "data": [
    {
      "id": 9,
      "description": "Transfer to another IBAN",
      "provider_id": 5,
      "created_at": "2018-01-11T14:15:48Z",
      "updated_at": "2018-01-11T14:15:48Z",
      "default": true,
      "payment_attributes": [
        {
          "attribute_name": "iban_from",
          "attribute_type": "text",
          "label": "From IBAN",
          "optional": false,
          "position": 1,
          "values": []
        },
        {
          "attribute_name": "iban_to",
          "attribute_type": "text",
          "label": "To IBAN",
          "optional": false,
          "position": 2,
          "values": []
        },
        {
          "attribute_name": "amount",
          "attribute_type": "number",
          "label": "Amount",
          "optional": false,
          "position": 3,
          "values": []
        },
        {
          "attribute_name": "description",
          "attribute_type": "text",
          "label": "Description",
          "optional": false,
          "position": 4,
          "values": []
        },
        {
          "attribute_name": "information",
          "attribute_type": "text",
          "label": "Information",
          "optional": true,
          "position": 5,
          "values": []
        },
        {
          "attribute_name": "currency_code",
          "attribute_type": "dropdown",
          "label": "Currency",
          "optional": false,
          "position": 6,
          "values": [
            "EUR",
            "USD"
          ]
        }
      ]
    }
  ],
  "meta": {
    "time": "2018-01-16T09:24:42Z",
    "version": "V2"
  }
}
Attribute Type Description
id integer Template identifier.
description string Short description of payment template.
payment_attributes array Contains a list of payment attributes with their characteristics.
provider_id integer Identifies Provider under which template was defined.
default boolean States whether given template is default or not.

Every payment attribute includes a list of characteristics.

Attribute property Type Description
attribute_name string Name of the attribute, should be used by application as input field name.
attribute_type string Type of the input field that should be used.
label string Human readable label for presentation of said payment attribute.
optional boolean Flag that shows whether the attribute is optional or not.
position integer Position index of said attribute within payment template, should be considered when rendering the template.
values array List of possible values for a given payment attribute.

Possible errors

Sessions

Session Extra

Attribute Type Description
user_present string, optional User presence.
scopes array of strings, optional Token scopes.
device_info object, optional Contains mobile platform and push_token.
public_key string, optional RSA public key.
return_to string, optional URL for redirection after authentication process is carried out.
funds_available boolean, optional Whether funds are available or not

Session Actions

Each and every session has an action associated to it that represents session’s purpose.

Action Purpose
check_funds Process of checking for coverage of a payment by Customer’s account.
create_token Creation of a token with the purpose of granting access to bank data for client applications.
refresh_token Refreshing of an expired access token.
revoke_token Revocation of an access token.
refresh_accounts Instruction for Priora to refresh data obtained from the bank.
create_payment Initiation of a payment.

Session Statuses

The current stage of a session lifecycle is represented in status field. The status of a session can be one of the following:

Name Description
processing Priora is processing the request or response.
redirect Provider requires a redirect for authentication.
waiting_confirmation Provider is waiting for the consent of Customer.
waiting_confirmation_code Provider is waiting for a confirmation code, be it OTP for authentication or Dynamic linking for performing a payment.
closed Session is closed.
fetched_kyc Priora has received the information about Customer.
fetched_accounts Priora has received the accounts of Customer.
fetched_transactions Priora has received the transactions or Customer.

Show session

Returns current state of a session.

Verb and Path

GET /api/v2/sessions/:secret

Headers

Header Type Description
App-Id string, required Application ID
App-Secret string, required Application Secret
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key
Client-Request-Id string, optional Request identifier, if present will be returned within meta field in response.

Response

{
  "data": {
    "id": 5,
    "secret": "bab58e103942ba8d_1510910072",
    "action": "create_token",
    "status": "processing",
    "token": {
      "access_token": "9cf01a667d07da0809a39b46152dc8e9dd57ba7d078e5a1969a8690edd89c3adbb566e93eaf16ed032d97276f799a6608d5beaefee5c2f8cba9d9e6c2e6d71ff",

      "refresh_token": "7ce472e1a49294e7ae60070cb7995fc5d6fd4a046fdec5bdb442208cb425ad4b7786895a4f6fe0e941eb5568c3345c0588ebadf64aab601532e720defc73cea1",
      "expires_at": "2017-12-17T09:14:32Z"
    },
    "extra": {
      "funds_available": true
    }
    "fail_at": null,
    "success_at": null,
    "fail_message": null,
    "created_at": "2017-11-17T09:14:32Z",
    "updated_at": "2017-11-17T09:14:33Z",
    "events": [{
      "name": "processing"
    }],
    "authorization_details": {},
    "customer_id": null,
    "provider_code": "code15"
  },
  "meta": {
    "time": "2017-11-17T09:14:33Z",
    "version": "V2"
  }
}
Attribute Type Description
id integer Session identifier on Priora.
secret string Another session identifier that can be used for session lookup and confirmation.
action string Action associated with initiation of given session, it may be one of the following: create_token, refresh_accounts, create_payment.
status string Current status of the session. List of all statuses can be found here.
token object Contains data related to access token: token itself, refresh token, and expiration time.
extra object Any extra information relevant to the session.
fail_at string Time when session failed and closed.
success_at string Time when session succeeded and closed.
fail_message string Reason of session failure, if fail_at is non null.
events array List of events through which session passed.
authorization_details object Includes authorization type used, if applicable, as well as next required MFA field, if present.
provider_code string Human readable provider identifier.

Possible errors

Confirm session

Confirm a session.

Verb and Path

PUT /api/v2/sessions/:secret

Headers

Header Type Description
App-Id string, required Application ID
App-Secret string, required Application Secret
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key
Client-Request-Id string, optional Request identifier, if present will be returned within meta field in response.

Payload

"data": {
  "credentials": {
    "confirmation_code": ""
  }
}

Response

{
  "data": {
    "id": 5,
    "secret": "bab58e103942ba8d_1510910072",
    "action": "create_token",
    "status": "processing",
    "token": {
      "access_token": "9cf01a667d07da0809a39b46152dc8e9dd57ba7d078e5a1969a8690edd89c3adbb566e93eaf16ed032d97276f799a6608d5beaefee5c2f8cba9d9e6c2e6d71ff",

      "refresh_token": "7ce472e1a49294e7ae60070cb7995fc5d6fd4a046fdec5bdb442208cb425ad4b7786895a4f6fe0e941eb5568c3345c0588ebadf64aab601532e720defc73cea1",
      "expires_at": "2017-12-17T09:14:32Z"
    },
    "fail_at": null,
    "success_at": null,
    "fail_message": null,
    "created_at": "2017-11-17T09:14:32Z",
    "updated_at": "2017-11-17T09:14:33Z",
    "events": [{
      "name": "processing"
    }],
    "authorization_details": {},
    "customer_id": null,
    "provider_code": "code15"
  },
  "meta": {
    "time": "2017-11-17T09:14:33Z",
    "version": "V2"
  }
}
Attribute Type Description
id integer Session identifier on Priora.
secret string Another session identifier that can be used for session lookup and confirmation.
action string Action associated with initiation of given session, it may be one of the following: create_token, refresh_accounts, create_payment.
status string Current status of the session. List of all statuses can be found here.
token object Contains data related to access token: token itself, refresh token, and expiration time.
fail_at string Time when session failed and closed.
success_at string Time when session succeeded and closed.
fail_message string Reason of session failure, if fail_at is non null.
events array List of events through which session passed.
authorization_details object Includes authorization type used, if applicable, as well as next required MFA field, if present.
customer_id string Customer identifier on Priora.
provider_code string Human readable provider identifier.

Possible errors

Cancel session

Cancel a session.

Verb and Path

DELETE /api/v2/sessions/:secret

Headers

Header Type Description
App-Id string, required Application ID
App-Secret string, required Application Secret
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key
Client-Request-Id string, optional Request identifier, if present will be returned within meta field in response.

Response

{
  "data": {
    "session_secret": "bab58e103942ba8d_1510910072"
  },
  "meta": {
    "time": "2017-11-17T09:14:33Z",
    "version": "V2"
  }
}
Attribute Type Description
session_secret string Identifier of the session that has been canceled.

Possible errors

Tokens

Create token via client application

Initiate a linking process for a provider. The client application has to handle all the authentication UI in this flow (see Provider authorization_types). During the lifecycle, events will be added to the session which will send callbacks to your application.

Verb and Path

POST /api/v2/tokens/remote

Headers

Header Type Description
App-Id string, required Application ID.
App-Secret string, required Application Secret.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key
Client-Request-Id string, optional Request identifier, if present will be returned within meta field in response.

Payload

{
  "data": {
    "provider_code": "code3",
    "consent_period_days": 90,
    "credentials": {
      "authorization_type": "oauth"
    },
    "redirect_url": "https://authenticated.com",
    "scopes": ["accounts"],
    "force_sca": true
  }
}
Attribute Type Description
provider_code string, required Human readable Provider identifier.
consent_period_days integer, optional Customer’s consent expiration in days.
credentials object, required Wrapper for required first step credentials.
scopes array, required Set of permissions for access token.
redirect_url string, optional The URL that the customer will be redirected to after he has finished the authentication process on provider’s side. (required for authorization_type = oauth).
force_sca boolean, optional Whether to disregard exemptions and force SCA as a required step to authenticate the customer.

Response

{
  "data": {
    "session_secret": "b989dcebd4de9a05_1510913296"
  },
  "meta": {
    "time": "2017-11-17T10:08:16Z",
    "version": "V2"
  }
}
Attribute Type Description
session_secret string Session identifier on Priora.

Possible errors

Show token

Returns current state of a token.

Verb and Path

GET /api/v2/tokens

Headers

Header Type Description
App-Id string, required Application ID.
App-Secret string, required Application Secret.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key
Client-Request-Id string, optional Request identifier, if present will be returned within meta field in response.

Response

{
  "data": {
    "scopes": ["accounts"],
    "refresh_token": "05ccd058440d325987a8208d2b6d76b9a3817b3f23e5d95611812c1364a579f855792d6452c4f44c7ef673e1365ab92e58a578cbd0a116e99fe68ead9f1058c9",
    "access_token_expires_at": "2017-12-17T10:12:38Z"
  },
  "meta": {
    "time": "2017-11-17T10:12:38Z",
    "version": "V2"
  }
}
Attribute Type Description
scopes array Set of permissions granted to a token.
refresh_token string Special token that can be exchanged for a new access token.
access_token_expires_at string Time of expiration for a given access token.

Possible errors

Revoke token

Revoke an already existing and active access token. This endpoint sends a callback upon completion.

Verb and Path

DELETE /api/v2/tokens

Headers

Header Type Description
App-Id string, required Application ID.
App-Secret string, required Application Secret.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key
Access-Token string, required Token for which we are requesting info.
Client-Request-Id string, optional Request identifier, if present will be returned within meta field in response.

Response

{
  "data": {
    "revoked": true,
    "access_token": "6207201c37285385af711873a8553f1c2bb2569d8dcc0e995715f33998811a2971083ceb10642672dde9e6423c7ac2d9e7f3d97f5fd4e448ccea6470a07cbd3b"
  },
  "meta": {
    "time": "2017-11-17T10:20:59Z",
    "version": "V2"
  }
}
Attribute Type Description
revoked boolean States whether access token in question has been revoked.
access_token string Access token that has been revoked.

Possible errors

Refresh expired access token

Refresh an access token that has expired.

Verb and Path

POST /api/v2/tokens/refresh

Headers

Header Type Description
App-Id string, required Application ID.
App-Secret string, required Application Secret.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key
Refresh-Token string, required Token issued to refresh expired Access Token.

Response

  {
    "data": {
      "access_token": "92105f20eb6c7e24bbcc191fe1b51c588bcbe9be080ef4454bec1701d6e83dc1cc557a53ddeeab97a09cc94cb4963fe36488ae1ab5d366942aaff676050bfc05",
      "expires_at": "2018-01-27T15:51:30Z"
    },
    "meta": {
      "time": "2017-12-27T10:20:59Z",
      "version": "V2"
    }
  }
Attribute Type Description
access_token string New access token.
expires_at string Time of expiration for a given access token.

Possible errors

Sandboxes

Spain

MySodexo Sandbox

Usage

To connect to MySodexo Sandbox, please use provider code mysodexo_es_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Email address (Email) mysodexo_es_xf@gmail.com
Password (Сontraseña) passw0rd

France

LCL Prépayé Enterprise Sandbox

Usage

To connect to LCL Prépayé Enterprise Sandbox, please use provider code lcl_prepaye_enterprise_fr_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Identifier (Identifiant) 1223334444
Personal code (Code personnel) 123456

United Kingdom

AEG Sandbox

Usage

To connect to AEG Sandbox, please use provider code aeg_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code aeg_gb_xf_user
Password/code passw0rd

Allianz Sandbox

Usage

To connect to Allianz Sandbox, please use provider code allianz_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code allianz_gb_xf_user
Password/code passw0rd

Allsave Sandbox

Usage

To connect to Allsave Sandbox, please use provider code allsave_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code allsave_gb_xf_user
Password/code passw0rd

Bank of East Asia UK Sandbox

Usage

To connect to Bank of East Asia UK Sandbox, please use provider code bank_of_east_asia_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Cyberbanking No. 12345678901
PIN 12345678912345
OTP 123456

BENEFEX Sandbox

Usage

To connect to BENEFEX Sandbox, please use provider code benefex_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code benefex_gb_xf_user
Password/code passw0rd

BMW UK Ltd Sandbox

Usage

To connect to BMW UK Ltd Sandbox, please use provider code bmwuk_ltd_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code bmwuk_ltd_gb_xf_user
Password/code passw0rd

Bournemouth University Sandbox

Usage

To connect to Bournemouth University Sandbox, please use provider code bournemouth_university_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code bournemouth_university_gb_xf_user
Password/code passw0rd

Brinc (Health Service Discounts) Sandbox

Usage

To connect to Brinc (Health Service Discounts) Sandbox, please use provider code brinc_health_service_discounts_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code brinc_health_service_discounts_gb_xf_user
Password/code passw0rd

Byblos Bank Europe Sandbox

Usage

To connect to Byblos Bank Europe Sandbox, please use provider code byblos_bank_europe_be_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Username byblosuser
Password passw0rd
Token 123456
OTP 1111

Direct Line Group Sandbox

Usage

To connect to Direct Line Group Sandbox, please use provider code direct_line_group_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code direct_line_group_gb_xf_user
Password/code passw0rd

Drax Power Ltd Sandbox

Usage

To connect to Drax Power Ltd Sandbox, please use provider code drax_power_ltd_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code drax_power_ltd_gb_xf_user
Password/code passw0rd

E-Spree Sandbox

Usage

To connect to E-Spree Sandbox, please use provider code e_spree_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code e_spree_gb_xf_user
Password/code passw0rd

Exeter University Sandbox

Usage

To connect to Exeter University Sandbox, please use provider code exeter_university_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code exeter_university_gb_xf_user
Password/code passw0rd

1st Option Consulting Ltd Sandbox

Usage

To connect to 1st Option Consulting Ltd Sandbox, please use provider code first_option_consulting_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code first_option_consulting_gb_xf_user
Password/code passw0rd

Fuel Gift Card Sandbox

Usage

To connect to Fuel Gift Card Sandbox, please use provider code fuel_gift_card_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code fuel_gift_card_gb_xf_user
Password/code passw0rd

Fujifilm Sandbox

Usage

To connect to Fujifilm Sandbox, please use provider code fujifilm_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code fujifilm_gb_xf_user
Password/code passw0rd

Generic Spree Sandbox

Usage

To connect to Generic Spree Sandbox, please use provider code generic_spree_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code generic_spree_gb_xf_user
Password/code passw0rd

Geopost Sandbox

Usage

To connect to Geopost Sandbox, please use provider code geopost_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code geopost_gb_xf_user
Password/code passw0rd

Getronics Sandbox

Usage

To connect to Getronics Sandbox, please use provider code getronics_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code getronics_gb_xf_user
Password/code passw0rd

Giant Group Sandbox

Usage

To connect to Giant Group Sandbox, please use provider code giant_group_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code giant_group_gb_xf_user
Password/code passw0rd

Glory Dale Sandbox

Usage

To connect to Glory Dale Sandbox, please use provider code glory_dale_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code glory_dale_gb_xf_user
Password/code passw0rd

GMAC Sandbox

Usage

To connect to GMAC Sandbox, please use provider code gmac_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code gmac_gb_xf_user
Password/code passw0rd

Group Schemes Sandbox

Usage

To connect to Group Schemes Sandbox, please use provider code group_schemes_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code group_schemes_gb_xf_user
Password/code passw0rd

Guaranty Trust Bank UK Sandbox

Usage

To connect to Guaranty Trust Bank UK Sandbox, please use provider code gt_bank_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User ID gt_bank_gb_xf
Secret question answer hunter2
Login code 123456
Payee Code secret

Hays Recruitment Sandbox

Usage

To connect to Hays Recruitment Sandbox, please use provider code hays_recruitment_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code hays_recruitment_gb_xf_user
Password/code passw0rd

Healthineers Sandbox

Usage

To connect to Healthineers Sandbox, please use provider code healthineers_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code healthineers_gb_xf_user
Password/code passw0rd

HP Sandbox

Usage

To connect to HP Sandbox, please use provider code hp_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code hp_gb_xf_user
Password/code passw0rd

In2 Resourcing Sandbox

Usage

To connect to In2 Resourcing Sandbox, please use provider code in2_resourcing_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code in2_resourcing_gb_xf_user
Password/code passw0rd

IQSA Services LTD Sandbox

Usage

To connect to IQSA Services LTD Sandbox, please use provider code iqsa_services_ltd_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code iqsa_services_ltd_gb_xf_user
Password/code passw0rd

Iron Mountain Sandbox

Usage

To connect to Iron Mountain Sandbox, please use provider code iron_mountain_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code iron_mountain_gb_xf_user
Password/code passw0rd

JCB Sandbox

Usage

To connect to JCB Sandbox, please use provider code jcb_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code jcb_gb_xf_user
Password/code passw0rd

Kering (Gucci Group Services) Sandbox

Usage

To connect to Kering (Gucci Group Services) Sandbox, please use provider code kering_gucci_group_services_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code kering_gucci_group_services_gb_xf_user
Password/code passw0rd

LBI (Digitas) Sandbox

Usage

To connect to LBI (Digitas) Sandbox, please use provider code lbi_digitas_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code lbi_digitas_gb_xf_user
Password/code passw0rd

Lifestyle Sandbox

Usage

To connect to Lifestyle Sandbox, please use provider code lifestyle_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code lifestyle_gb_xf_user
Password/code passw0rd

Lincoln Uni Sandbox

Usage

To connect to Lincoln Uni Sandbox, please use provider code lincoln_uni_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code lincoln_uni_gb_xf_user
Password/code passw0rd

Monclear Sandbox

Usage

To connect to Monclear Sandbox, please use provider code monclear_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code monclear_gb_xf_user
Password/code passw0rd

Motivcom Sandbox

Usage

To connect to Motivcom Sandbox, please use provider code motivcom_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code motivcom_gb_xf_user
Password/code passw0rd

My Spree Sandbox

Usage

To connect to My Spree Sandbox, please use provider code my_spree_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code my_spree_gb_xf_user
Password/code passw0rd

Nasa Consulting Sandbox

Usage

To connect to Nasa Consulting Sandbox, please use provider code nasa_consulting_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code nasa_consulting_gb_xf_user
Password/code passw0rd

Online Tax Rebates Sandbox

Usage

To connect to Online Tax Rebates Sandbox, please use provider code online_tax_rebates_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code online_tax_rebates_gb_xf_user
Password/code passw0rd

Parasol Group Sandbox

Usage

To connect to Parasol Group Sandbox, please use provider code parasol_group_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code parasol_group_gb_xf_user
Password/code passw0rd

Paystream Sandbox

Usage

To connect to Paystream Sandbox, please use provider code paystream_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code paystream_gb_xf_user
Password/code passw0rd

Premier Foods Sandbox

Usage

To connect to Premier Foods Sandbox, please use provider code premier_foods_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code premier_foods_gb_xf_user
Password/code passw0rd

PSCashback Sandbox

Usage

To connect to PSCashback Sandbox, please use provider code ps_cashback_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code ps_cashback_gb_xf_user
Password/code passw0rd

PSDiscounts Sandbox

Usage

To connect to PSDiscounts Sandbox, please use provider code ps_discounts_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code ps_discounts_gb_xf_user
Password/code passw0rd

PSL Sandbox

Usage

To connect to PSL Sandbox, please use provider code psl_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code psl_gb_xf_user
Password/code passw0rd

Red Contractors Sandbox

Usage

To connect to Red Contractors Sandbox, please use provider code red_contractors_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code red_contractors_gb_xf_user
Password/code passw0rd

Royal Sun Alliance Sandbox

Usage

To connect to Royal Sun Alliance Sandbox, please use provider code royal_sun_alliance_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code royal_sun_alliance_gb_xf_user
Password/code passw0rd

SAP Sandbox

Usage

To connect to SAP Sandbox, please use provider code sap_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code sap_gb_xf_user
Password/code passw0rd

Say Reward Sandbox

Usage

To connect to Say Reward Sandbox, please use provider code say_reward_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code say_reward_gb_xf_user
Password/code passw0rd

Seat UK Sandbox

Usage

To connect to Seat UK Sandbox, please use provider code seat_uk_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code seat_uk_gb_xf_user
Password/code passw0rd

Sharp Sandbox

Usage

To connect to Sharp Sandbox, please use provider code sharp_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code sharp_gb_xf_user
Password/code passw0rd

Siemens PLC Sandbox

Usage

To connect to Siemens PLC Sandbox, please use provider code siemens_plc_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code siemens_plc_gb_xf_user
Password/code passw0rd

Simply Spree Sandbox

Usage

To connect to Simply Spree Sandbox, please use provider code simply_spree_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code simply_spree_gb_xf_user
Password/code passw0rd

Skybox Sandbox

Usage

To connect to Skybox Sandbox, please use provider code skybox_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code skybox_gb_xf_user
Password/code passw0rd

Sodexo Onsite Services Sandbox

Usage

To connect to Sodexo Onsite Services Sandbox, please use provider code sodexo_onsite_services_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code sodexo_onsite_services_gb_xf_user
Password/code passw0rd

Stewart Milne Sandbox

Usage

To connect to Stewart Milne Sandbox, please use provider code stewart_milne_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code stewart_milne_gb_xf_user
Password/code passw0rd

Team Rewards Sandbox

Usage

To connect to Team Rewards Sandbox, please use provider code team_rewards_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code team_rewards_gb_xf_user
Password/code passw0rd

Tilney Sandbox

Usage

To connect to Tilney Sandbox, please use provider code tilney_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code tilney_gb_xf_user
Password/code passw0rd

TUI (NEW DAY) Sandbox

Usage

To connect to TUI (NEW DAY) Sandbox, please use provider code tuinewday_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code tuinewday_gb_xf_user
Password/code passw0rd

UIB Sandbox

Usage

To connect to UIB Sandbox, please use provider code uib_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code uib_gb_xf_user
Password/code passw0rd

Utility Warehouse UK Sandbox

Usage

To connect to Utility Warehouse UK Sandbox, please use provider code utility_warehouse_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Member No./ username 7989366
Password passw0rdpassw0rdpass

Volvo Sandbox

Usage

To connect to Volvo Sandbox, please use provider code volvo_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code volvo_gb_xf_user
Password/code passw0rd

XPO HOLDINGS Sandbox

Usage

To connect to XPO HOLDINGS Sandbox, please use provider code xpoholdings_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code xpoholdings_gb_xf_user
Password/code passw0rd

Zurich Sandbox

Usage

To connect to Zurich Sandbox, please use provider code zurich_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code zurich_gb_xf_user
Password/code passw0rd

Sweden

Lunchkultur Sandbox

Usage

To connect to Lunchkultur Sandbox, please use provider code lunchkultur_se_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
National ID Number, “YYMMDDNNNN” 1223334444

Belgium

Byblos BE Sandbox

Usage

To connect to Byblos UK Sandbox, please use provider code byblos_bank_europe_be_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Username byblosuser
Password passw0rd
Token 123456
OTP 1111