NAV Navbar
Short white logo

Getting Started

Definitions

Term Definition
Provider Represents the ASPSP. A bank or financial institution that offer payment accounts with online access.
AISP Account Information Service Provider. A TPP application that allows a Customer to list account and holder information.
Connector Proxy interface before Provider’s API.
Customer A bank account holder. The end-user of payment services.
PISP Payment Initiation Service Provider. A TPP application that allows a Customer to initiate payments on their behalf.
PIISP Payment Issuer Instrument Service Provider. A TPP application that checks coverage of a payment by Customer’s account.
Session Any activity that is forwarded by Priora to Connector on behalf of a Customer.
Scopes A set of permissions granted to a TPP application.
Token A secret access token issued by Provider which represents the Customer’s consent on specific scopes granted to a TPP application.
TPP A third party provider application.

Registration

The process of TPP registration is made via an API request to TPP Register endpoint. In order to access Provider Sandbox you need to use eIDAS QSEAL test certificate.

Access to production environment is allowed only with production QSEAL certificates. It is possible to add a QSEAL or QWAC certificate via API request to TPP Certficate endpoint.

After adding a certificate, the registered TPP will have assigned a set of scopes based on the provided cerficicate.

I.e. AISP cerfificate will result into account, transactions, kyc scopes, while a PISP cerficate will result into payments, funds_availability scopes. The available scopes can be seen when creating an TPP Application.

TPP configuration & API keys

TPP may have a number of TPP Applications, them being essentially API keys(ID and secret). These applications serve to identify a specific TPP configuration. For example, say we have a company X that identifies itself as a PFM. Suppose it targets mobile devices(iOS, Android) and web browsers, thus they would have to configure three TPP applications, one for Apple devices, another for Android devices, and one for web browsers. Or maybe Company X needs to test their new features within staging environment first, then it would be convenient to configure another client application for these purposes.

But before managing API keys it is wise to check the TPP configuration. In order to do this, navigate to TPP Settings. Here it is possible to modify TPP’s name, email, as well as other business details.

Take into consideration that all TPP Applications will have the same, predefined during registration, scopes. This will ensure that an AISP license certificate will be used only for getting information about Customer’s banking details and PISP license certificates will allow creation of payment orders on behalf of Customer.

Client Details

In order to be able to go Live, TPP has to supply a valid certificate. This could be accomplished using #tpp-certificates endpoint.

Security

Now back to managing API keys. The very first test application will be created during the TPP registration process. To configure it navigate to applications page.

TPP Applications

Proceed by selecting Test application.

TPP Application details

On the page presented above it is possible to change application’s name, regenerate application secret and set up callback (also doubles as redirect) URL for updates from Salt Edge PSD2 Compliance Solution. In order for your TPP to go live, you must have configured at least one TPP application.

Requesting Provider access

After successful registration and configuration, Salt Edge PSD2 Compliance Team will move TPP into Test status. This will allow TPP to start making request to all sandboxes available to Salt Edge PSD2 Compliance Solution.

Provider management

After TPP finishes development, it can ask Salt Edge PSD2 Compliance Team to change its status to Live. This way, TPP will be able to request access for Live banks connected to Salt Edge PSD2 Compliance Solution.

Using the API

Postman collection

A postman collection describing all endpoints requests is available for developers, but it’s important to read the documentation prior to development in order to have a graceful start.

Request verification using JWT

All requests to Salt Edge PSD2 Compliance must be signed. Salt Edge PSD2 Compliance implements request signature verification via Authorization headers. These must contain grant type Bearer followed by a JSON Web Token. A payload should be generated on a per request basis and should include exp and data claims, the former being expiration time and the latter being a JSON object including all relevant parameters for a request, if there are no such parameters it should be left empty. This payload should then be encoded into a JWT via RS256 algorithm using TPP’s application’s private key.

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a way to securely transmit information. Salt Edge PSD2 Compliance API requires JWTs to authorize each API request. Implementing a standard that allows Providers and TPPs to securely transmit information provides greater protection of senzitive data and the entire Salt Edge PSD2 Compliance Solution.

Salt Edge PSD2 Compliance uses JWTs as a vehicle to receive signed requests from TPPs and send them to Providers. TPP is supposed to send JWT signed requests to Salt Edge PSD2 Compliance on any described endpoint in documentation.

Priora will send callbacks with a JWT signed by its private key . This allows Connector the ability to validate that the request form Priora has not been tampered with.

Example of decoded JWT header

{
  "typ": "JWT",
  "alg": "RS256"
}

Example of decoded JWT payload

{
  "data": {
    "provider_code": "demobank",
    "credentials": {
      "authorization_type": "oauth"
    },
    "scopes": [
      "accounts",
      "transactions",
      "kyc",
      "payments",
      "funds_availability"
    ],
    "redirect_url": "https://priora-demo.saltedge.com/connections/1412"
  },
  "exp": 1565716467
}

Priora public key

  

JWT Anatomy

A JWT is comprised of 3 sections of url base64 encoded strings of data separated by a period. The first 2 sections are JSON objects while the last section is a digital signature that has been url base64 encoded. The sections are as such:

Example of JWT:

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9. eyJkYXRhIjp7InByb3ZpZGVyX2NvZGUiOiJkZW1vYmFuayIsImNyZWRlbnRpYWxzIjp7ImF1dGhvcml6YXRpb25fdHlwZSI6Im9hdXRoIn0sInNjb3BlcyI6WyJhY2NvdW50cyIsInRyYW5zYWN0aW9ucyIsImt5YyIsInBheW1lbnRzIiwiZnVuZHNfYXZhaWxhYmlsaXR5Il0sInJlZGlyZWN0X3VybCI6Imh0dHBzOi8vcHJpb3JhLWRlbW8uc2FsdGVkZ2UuY29tL2Nvbm5lY3Rpb25zLzE0MTIifSwiZXhwIjoxNTY1NzE2NDY3fQ. Xw9I7N3kUsnfrD2afoEAzaJpB2vWt0YBuaCH9c9dicy5nJwszjhyq4gLuuyNWflb6mRhIx_9C8AZrO6r4auhEu5H0Nn_nawZIwLb_LPLOhqkzlf7npz83D0dSqHnSzn6JtB57o4_dDvSupkYLbAoTY0vff1wBSLnwWya8kjcOaNbHPgV3WGBUG1gYrDzML4-reA60xTP2E1KszDU5XrPyyn2rwvpRa4jC1qqRI2gjMrlTAsAo3uww-w8FQw7MYmRJz7p7aBn85-MVVReFhl-Ivm5Ag71sKlBGlRqw1K2jzGfLxb14jypgEKXytCdRPyI2rM4u7eBWJXT1lXJfHdrew

JWT libraries

In order to use JWT tokens, you’ll need to have a token generator. You can generate JWT tokens by utilizing one of the many libraries available on the JWT website.

How to use JWT

All requests that are either forwarded by or originated on Priora will be signed using Priora private key (RS256 alghorithm) in the form of a JWT containing exp and data claims that can be verified using Priora public key.

Scopes

Scopes are permissions granted to a TPP application. Depending on cerfiticate, TPP can be assigned the following scopes:

Scope Description
accounts Required for accessing Customer’s account list and account data.
funds_availability Required for checking whether Customer’s account has enough funds to carry out a specific payment. Required by PIISP Clients.
transactions Required for accessing Customer’s transactions under specific accounts, therefore best be used along accounts scope.
kyc Required for accessing account holder information.
payments Required for accessing Customer’s payment accounts as well as for payment initiation.

Events

Events are states of session and payment life cycles.

Event Description
processing Request to push session/payment into the next phase has been received by Priora and is undergoing processing.
redirect The Customer is being redirected to the Provider’s page in order to perform authentication.
waiting_confirmation Session/payment is waiting for an interactive step outside of TPP application, like Strong Customer Authentication via a separate application.
waiting_confirmation_code Session/payment is waiting for an interactive step within TPP application, like One Time Password or SMS confirmation.
fetched_accounts Account information has been fetched from the bank and can be requested using #accounts-all endpoint.
fetched_transactions Transaction information has been fetched from the bank and can be requested using #accounts-transactions endpoint.
fetched_kyc Holder information has been fetched from the bank and can be requested using #accounts-holder endpoint.
closed Session/payment has been closed. To know whether it was a success or a failure, peer into success_at/fail_at fields from the response.

Become a TPP

TPP Registration is performed via API requests to Salt Edge PSD2 Compliance Solution.

Registration of new TPP will is done using automated enrollment. In other words it means that TPP will be registered by sending API request to Salt Edge PSD2 Compliance Solution, which is supposed to contain certificate (QWAC or/and QSEAL) - production or test. Salt Edge compliance solution will verify TPP and define its status (production or test).

Tpp Register

Used for registeration in Salt Edge PSD2 Compliance Dashboard. After registration, you will receive a letter of confirmation on your representative email.

Request

POSThttps://priora.saltedge.com/api/v2/tpp/register

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNvbXBhbnkiOnsibmFtZSI6IkV4YW1wbGUgTmFtZSIsImVtYWlsIjoiZXhhbXBsZUBleGFtcGxlLmNvbSIsImFkZHJlc3MiOiI0MDkgQnJvYWR3YXkgR1VJTERGT1JEIiwiY2l0eSI6ImV4YW1wbGVfZGF0YS5jb21wYW55LmNpdHkiLCJ6aXBfY29kZSI6ImlBRmp5IiwicGhvbmVfbnVtYmVyIjoiMTEwMTg1MzcyIn0sInJlcHJlc2VudGF0aXZlIjp7Im5hbWUiOiJFeGFtcGxlIE5hbWUiLCJlbWFpbCI6ImV4YW1wbGVAZXhhbXBsZS5jb20ifSwiY2VydGlmaWNhdGUiOnsidHlwZSI6InF3YWMiLCJuYW1lIjoiRXhhbXBsZSBOYW1lIiwicGVtIjoiLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlFQWpDQ0F1b0NBUUF3RFFZSktvWklodmNOQVFFTEJRQXdXekVYTUJVR0ExVUVZUXdPVkhCd1UyRnNkRlJsXG5jM1F3TURBeElEQWVCZ05WQkFNTUYyTmxjblJUU1VkT1UwRk1WRlJGVTFRZ1YyVmlJRU5CTVJFd0R3WURWUVFLXG5EQWhUWVd4MFZHVnpkREVMTUFrR0ExVUVCaE1DVWs4d0hoY05NVGt4TURFMU1UQXlPVEF5V2hjTk1qRXhNREUwXG5NVEF5T1RBeVdqQ0JqVEVXTUJRR0ExVUVBd3dOYzJGc2RDMTBaWE4wTG1OdmJURVJNQThHQTFVRUNnd0lVMkZzXG5kRlJsYzNReEN6QUpCZ05WQkFZVEFsSlBNUkl3RUFZRFZRUUlEQWxDZFdOMWNtVnpkR2t4RWpBUUJnTlZCQWNNXG5DVUoxWTNWeVpYTjBhVEVXTUJRR0ExVUVDUXdOUVd4aVlTQkpkV3hwWVNBM05URVRNQkVHQTFVRVlRd0thV1JsXG5iblJwWm1sbGNqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUtnVzRKOStIRmNMXG5RVXBMSTRzWkJKblFoZ1FhSlhEbHBUMjg1bGU4ZURxN1RqWmdhektxTTlGQnJ3NEFFRHFSbFhHdmd3aW5KRjYyXG4wd3VJcSs3cGpPWFBQdytZOVhRQnBTa2p1cmJ5aEpPZjhiNlVqTFBMQnVBd09rRk52N0prbHdLeXFmazRHRzROXG5nazhkVWExY0tOTGNYMzc3cHZ6NENIWWpQa2hpS2NMakFSeExUSWJHbXo5WUFUL0FrM2w3QkZEZFdqMEJya0dqXG5XZEZ6UlZXcWN0cDQ2NW9YRldlNndCaXJsSmUrUkRnaGdBZFRBaVBHUndYdXh2ZGJJblI4dnZvREk1MkdFdXNoXG5GWUNZd28zdWFVSVR5Z3hOZEJyWjVOaVpLaCtybjVVNW4zM0pETm9OV2hCVUUwMUwvaFYzUHlleHBKVHltaURQXG42U1BSSjNGTEd0a0NBd0VBQWFPQm9qQ0JuekFNQmdOVkhSTUVCVEFEQVFIL01BNEdBMVVkRHdFQi93UUVBd0lCXG5CakFkQmdOVkhRNEVGZ1FVS3BQZnkxOVJBQlBLcnZic01SdFczeUdJTWZvd0h3WURWUjBqQkJnd0ZvQVVLcFBmXG55MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dQd1lJS3dZQkJRVUhBUU1FTXd3eGRHVnpkRkJUVUY5QlNTNHVMamszXG5ZMlJrTkRnM0xUYzFOV1l0TkRFM015MWlNMk00TFRNNFkySTNPR1psWmpReE5UQU5CZ2txaGtpRzl3MEJBUXNGXG5BQU9DQVFFQWJWalp4R2hZUnRXdzIvZWhsaUNQazBnTVFLNTYyaGdTRzlqLzNxYVhpekhmc1NJTS9McW1LeGxSXG5CRzdBM3ZKdmFuOG94cDNwYmFuakIyNEVXT0VSYk5lSisvTzlzMGZGUmlIMStvaXhuSVJhK0tmSmFFeWZUcVlYXG5QcU5mb2tRUHRZb0ZJdkFRVldUejh0OWN2K1Zld2g3SXR0WTN1SmdqQUN6ZDhibFMzVGVVSFBmYjh0SXhpenltXG5KcVhJeFhHVFZPaU13RitFOVdWMFdBSGoxM2I5MmwvcGwxNkdhdjR2eVVyR2ZpbkYrRFJTaEJBWGlyWFhYTm5SXG5XNStPRE1ZMk1VT1E4UUdPYjFLTmIvVm5nYklacXg0NTJJTmcxSDN4c01MbTNaNmdYbisvcHdCZWUyR1JoeGQrXG41VXVWOGxuN25WYVhzMzY0eXl2cVJGR3F1bmR6OXc9PVxuLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLVxuIn19LCJleHAiOjE1NzExMzU0NjJ9.iaWUhvtkrBaTzFry3P6WmWFAchHDA9BgmAqyUJTjENhHXUbzKnYUmFUiFw7P90hgjAgUPxMg-px1Capw4bydtmRPAdNsOaZ-lTSC_amDbUxYgZZbnupVHdZAhucD0qgoeE3n9jP1-xqq7tg8LuNVVfmSHqq83cFhWmZTTrJxgXCifLeFY59Q6xl187vNpSUf5JnKVpQ6f5PhXqO8yhQIk-fZYAsacfj8LRLI4cFepLLZ3oxqpECKIdVgHAHYcV4QFXOm1i_9aoRNUNdfCWL_Bc_27wI8ynTlmzWolX-o9ftxiJJiLBofueakqoSWR8RmJjfaId17ORiUIrZsrMmdYg"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X POST "https://priora.saltedge.com/api/v2/tpp/register"

Headers

Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: JWTClaimMissing, PublicKeyInvalid, AuthorizationMissing, RequestFormatInvalid
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "company": {
      "name": "Example Name",
      "email": "example@example.com",
      "address": "409 Broadway GUILDFORD",
      "city": "example_data.company.city",
      "zip_code": "wu5YJ",
      "phone_number": "518141859"
    },
    "representative": {
      "name": "Example Name",
      "email": "example@example.com"
    },
    "certificate": {
      "type": "qseal",
      "name": "Example Name",
      "pem": "-----BEGIN CERTIFICATE-----\nMIIEAjCCAuoCAQAwDQYJKoZIhvcNAQELBQAwWzEXMBUGA1UEYQwOVHBwU2FsdFRl\nc3QwMDAxIDAeBgNVBAMMF2NlcnRTSUdOU0FMVFRFU1QgV2ViIENBMREwDwYDVQQK\nDAhTYWx0VGVzdDELMAkGA1UEBhMCUk8wHhcNMTkxMDE1MTAyOTAyWhcNMjExMDE0\nMTAyOTAyWjCBjTEWMBQGA1UEAwwNc2FsdC10ZXN0LmNvbTERMA8GA1UECgwIU2Fs\ndFRlc3QxCzAJBgNVBAYTAlJPMRIwEAYDVQQIDAlCdWN1cmVzdGkxEjAQBgNVBAcM\nCUJ1Y3VyZXN0aTEWMBQGA1UECQwNQWxiYSBJdWxpYSA3NTETMBEGA1UEYQwKaWRl\nbnRpZmllcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgW4J9+HFcL\nQUpLI4sZBJnQhgQaJXDlpT285le8eDq7TjZgazKqM9FBrw4AEDqRlXGvgwinJF62\n0wuIq+7pjOXPPw+Y9XQBpSkjurbyhJOf8b6UjLPLBuAwOkFNv7JklwKyqfk4GG4N\ngk8dUa1cKNLcX377pvz4CHYjPkhiKcLjARxLTIbGmz9YAT/Ak3l7BFDdWj0BrkGj\nWdFzRVWqctp465oXFWe6wBirlJe+RDghgAdTAiPGRwXuxvdbInR8vvoDI52GEush\nFYCYwo3uaUITygxNdBrZ5NiZKh+rn5U5n33JDNoNWhBUE01L/hV3PyexpJTymiDP\n6SPRJ3FLGtkCAwEAAaOBojCBnzAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwIB\nBjAdBgNVHQ4EFgQUKpPfy19RABPKrvbsMRtW3yGIMfowHwYDVR0jBBgwFoAUKpPf\ny19RABPKrvbsMRtW3yGIMfowPwYIKwYBBQUHAQMEMwwxdGVzdFBTUF9BSS4uLmNh\nMjI2ZTQwLTg5ODQtNDVjNy1iYmNmLTRjNzliYjA2NmVlZjANBgkqhkiG9w0BAQsF\nAAOCAQEARTByh78gsAfz7xa4O9R8POkJcuMwMFuv6C71d1RB7p6MPz0GxdWc+Jc6\nrDBG1bpoXaanLTR4gONV6DkoRKwVXxmLbMYlulUaHAVn1aZdOyd343i6pcgKhSpM\nH8Tv0CdMJ5Uo4Y6aYSIJhsUnCuX9Jo/hFptumynT1qnP7oc5lVJRhbOe5D7Fm6OV\n0+LXYFxUvWvO9mkziHp41+W1l1+OYk+1XiHArj+MCI86jkaPaBIWMptMOhwxBC+5\nnPtt+aS290rCq5Wb53vGvvKhTDuXO6Ph6bYaEyoTxq6iTMKh3VoSAw5uvsE2DHNb\nJVmeGke+mfiuDEFTDRhw6URLKcz25Q==\n-----END CERTIFICATE-----\n"
    }
  },
  "exp": 1571135462
}
Parameter Type Description
data hash, required Wrapper for the data.
data.certificate hash, required Wrapper for certificate params.
data.certificate.name string, required The certificate’s name
data.certificate.pem string, required Certificate in pem format
Can raise: WrongRequiredFields
data.certificate.type string, required QSEAL or QWAC
Allowed values: qseal, qwac
data.company hash, required Wrapper for company params.
data.company.address string, required Company address
data.company.city string, required Company city
data.company.email string, required Company email
Can raise: WrongRequiredFields, AccessDenied
data.company.name string, required Company name
data.company.phone_number string, required Company phone number
data.company.zip_code string, required Company zip code
data.representative hash, required Wrapper for representative params.
data.representative.email string, required Client user’s email. This email will receive a letter for confirming the registration.
Can raise: WrongRequiredFields, AccessDenied
data.representative.name string, required Client user’s name
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "message": "example_data.message"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.message string, required Human readable message for developer.
Class Code Description
WrongRequiredFields 401 Specified required fields were not provided. More info in error_message
AccessDenied 401 Action you want to perform is not allowed. More in error_message
ValueOutOfRange 400 One of specified values are out of range.
JWTClaimMissing 400 Authorization Token expiration is not provided. Please specify exp alongside data field.
PublicKeyInvalid 400 Given public key is not a public key.
AuthorizationMissing 400 Authorization header is missing.
RequestFormatInvalid 400 Request format is wrong. Details are stored in error_message

Tpp Certificates

Used for adding QSEAL or QWAC certificates after successful registration. The added certificate must be selected in Salt Edge PSD2 Compliance Dashboard as active one.

Request

POSThttps://priora.saltedge.com/api/v2/tpp/certificates

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNlcnRpZmljYXRlIjp7InR5cGUiOiJxd2FjIiwibmFtZSI6IkV4YW1wbGUgTmFtZSIsInBlbSI6Ii0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLVxuTUlJRUFqQ0NBdW9DQVFBd0RRWUpLb1pJaHZjTkFRRUxCUUF3V3pFWE1CVUdBMVVFWVF3T1ZIQndVMkZzZEZSbFxuYzNRd01EQXhJREFlQmdOVkJBTU1GMk5sY25SVFNVZE9VMEZNVkZSRlUxUWdWMlZpSUVOQk1SRXdEd1lEVlFRS1xuREFoVFlXeDBWR1Z6ZERFTE1Ba0dBMVVFQmhNQ1VrOHdIaGNOTVRreE1ERTFNVEF5T1RBeVdoY05NakV4TURFMFxuTVRBeU9UQXlXakNCalRFV01CUUdBMVVFQXd3TmMyRnNkQzEwWlhOMExtTnZiVEVSTUE4R0ExVUVDZ3dJVTJGc1xuZEZSbGMzUXhDekFKQmdOVkJBWVRBbEpQTVJJd0VBWURWUVFJREFsQ2RXTjFjbVZ6ZEdreEVqQVFCZ05WQkFjTVxuQ1VKMVkzVnlaWE4wYVRFV01CUUdBMVVFQ1F3TlFXeGlZU0JKZFd4cFlTQTNOVEVUTUJFR0ExVUVZUXdLYVdSbFxuYm5ScFptbGxjakNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFLZ1c0SjkrSEZjTFxuUVVwTEk0c1pCSm5RaGdRYUpYRGxwVDI4NWxlOGVEcTdUalpnYXpLcU05RkJydzRBRURxUmxYR3Znd2luSkY2MlxuMHd1SXErN3BqT1hQUHcrWTlYUUJwU2tqdXJieWhKT2Y4YjZVakxQTEJ1QXdPa0ZOdjdKa2x3S3lxZms0R0c0TlxuZ2s4ZFVhMWNLTkxjWDM3N3B2ejRDSFlqUGtoaUtjTGpBUnhMVEliR216OVlBVC9BazNsN0JGRGRXajBCcmtHalxuV2RGelJWV3FjdHA0NjVvWEZXZTZ3QmlybEplK1JEZ2hnQWRUQWlQR1J3WHV4dmRiSW5SOHZ2b0RJNTJHRXVzaFxuRllDWXdvM3VhVUlUeWd4TmRCclo1TmlaS2grcm41VTVuMzNKRE5vTldoQlVFMDFML2hWM1B5ZXhwSlR5bWlEUFxuNlNQUkozRkxHdGtDQXdFQUFhT0JvakNCbnpBTUJnTlZIUk1FQlRBREFRSC9NQTRHQTFVZER3RUIvd1FFQXdJQlxuQmpBZEJnTlZIUTRFRmdRVUtwUGZ5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dId1lEVlIwakJCZ3dGb0FVS3BQZlxueTE5UkFCUEtydmJzTVJ0VzN5R0lNZm93UHdZSUt3WUJCUVVIQVFNRU13d3hkR1Z6ZEZCVFVGOUJTUzR1TG1NNFxuT1dJMk9HWTJMVE00WW1FdE5EVTBZaTFpWVdGbExURmlOR1ZpWWpZMVlUSTBOekFOQmdrcWhraUc5dzBCQVFzRlxuQUFPQ0FRRUFWWTZxeHRWbVdUYlNLbkpIZ096QlhCZWR6a1laWWlDWE83b2JXRjlsWUc2VnZEdXZ2QkszSFlldVxuandZdnZzZ2szcmd1aE16VmNIbyszOVB2bEY5NUpWdmVvNVNRTHY2cTNPZlZxMWJ3MkV1ZzdoUk5IdmZlL2UzUFxudy9Cb2JPcVVBWFpPSzZVS0dqenEzZDQzTnV6YXNiZ0QxaDBVSEUvbmxoOE95cUx2SmFjVmkvMTZXTWZkVWpncFxuRE83QkFhMnRHMGEwUVdXR2lXNnJvNUdVV2VQaXpQbUhwYXZ2VWNqQ3VXNlg2amFkU2s4MlVCVThpR2d6TlFEVlxuVHZzellCWVlwWUswRlR1VEs4QmJBV2tNL3RtbWVEYVRTY1p3bmwyQk5mMlBjdVlQRkFUOGRZQ2hzZXp0UjFXZ1xucVFHZFl0M0Q5cFoyUWVJcXF3TC81eTRIRFBuVWRBPT1cbi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS1cbiJ9fSwiZXhwIjoxNTcxMTM1NDYyfQ.BBdmY_vMaxm02KvvVeKS4Fg14bZYfDDmqa_SdMMFwCOPWKHYFPRIPZWQWNcrwAiB29BrueYvUetbbVq1CUi78IOZ8-5sEsbzJfcuT36HYC4I3dKugoem4EV-YE-9s_2jcSOjzHLHNtbtVO_kU023dMrc4TTCg-qxhGi9922vRlLdVbTYGKKZV2UGu5BUsMGgVLtd1ujMdeGofYI6lecPtDjVdbTzD1XyIGH9MB6sLwuyPGyN8IKxStuTFjdJTMoApnH78V_-jCUXIyjbLU9Fa7U5OrMcwEJUoM_htBFHLbkKZmHe-NvkXsUr1zcpkh4nBQQme_FMdgTsZPvFIwkMOA"
 -H "App-Id: j6ugdqvjTCwYPrSVu-bGaw"
 -H "App-Secret: FfV5UelUz3asufTofOYkVA"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X POST "https://priora.saltedge.com/api/v2/tpp/certificates"

Headers

Header Type Description
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: JWTClaimMissing, PublicKeyInvalid, AuthorizationMissing, RequestFormatInvalid
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "certificate": {
      "type": "qwac",
      "name": "Example Name",
      "pem": "-----BEGIN CERTIFICATE-----\nMIIEAjCCAuoCAQAwDQYJKoZIhvcNAQELBQAwWzEXMBUGA1UEYQwOVHBwU2FsdFRl\nc3QwMDAxIDAeBgNVBAMMF2NlcnRTSUdOU0FMVFRFU1QgV2ViIENBMREwDwYDVQQK\nDAhTYWx0VGVzdDELMAkGA1UEBhMCUk8wHhcNMTkxMDE1MTAyOTAyWhcNMjExMDE0\nMTAyOTAyWjCBjTEWMBQGA1UEAwwNc2FsdC10ZXN0LmNvbTERMA8GA1UECgwIU2Fs\ndFRlc3QxCzAJBgNVBAYTAlJPMRIwEAYDVQQIDAlCdWN1cmVzdGkxEjAQBgNVBAcM\nCUJ1Y3VyZXN0aTEWMBQGA1UECQwNQWxiYSBJdWxpYSA3NTETMBEGA1UEYQwKaWRl\nbnRpZmllcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgW4J9+HFcL\nQUpLI4sZBJnQhgQaJXDlpT285le8eDq7TjZgazKqM9FBrw4AEDqRlXGvgwinJF62\n0wuIq+7pjOXPPw+Y9XQBpSkjurbyhJOf8b6UjLPLBuAwOkFNv7JklwKyqfk4GG4N\ngk8dUa1cKNLcX377pvz4CHYjPkhiKcLjARxLTIbGmz9YAT/Ak3l7BFDdWj0BrkGj\nWdFzRVWqctp465oXFWe6wBirlJe+RDghgAdTAiPGRwXuxvdbInR8vvoDI52GEush\nFYCYwo3uaUITygxNdBrZ5NiZKh+rn5U5n33JDNoNWhBUE01L/hV3PyexpJTymiDP\n6SPRJ3FLGtkCAwEAAaOBojCBnzAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwIB\nBjAdBgNVHQ4EFgQUKpPfy19RABPKrvbsMRtW3yGIMfowHwYDVR0jBBgwFoAUKpPf\ny19RABPKrvbsMRtW3yGIMfowPwYIKwYBBQUHAQMEMwwxdGVzdFBTUF9BSS4uLmZh\nZDYwMWYzLTk5ZmQtNDU3Yy04ZjhkLTFjNGQ0MzQ2Y2U3MTANBgkqhkiG9w0BAQsF\nAAOCAQEABk+jSUpovh/FWO/Mty4vQKye0pY+O6aJ8TusldL9t8S0rMo6bbz2Aqro\nOiGs9ah4OPABYtK4xucbc34W2hfiMO54Vq7k30sZC0ijL0usFvNErZ+2dHsU52Tj\nBrB1mhMNa9R4FYAAyzq6YR6DCQAQuoXjST23jnhJfJPMsL7lOjUlHjvB62k9x9GT\nc5Ah1JVjlzGXs+6slsAsQ1iFYtel3mgKBZ8gvxXhWVeRbcWdqeKjXQnHqQ4GsELi\ncSmxNXiPa2sUGm0PFI24QUyrdzB3CDn2iks8bce68CLv8hCrzq3mESfc/9ondCkM\nASl5GAJKjT8JhcmYLYUvA1FRIfP0mA==\n-----END CERTIFICATE-----\n"
    }
  },
  "exp": 1571135462
}
Parameter Type Description
data hash, required Wrapper for the data.
data.certificate hash, required Wrapper for certificate params.
data.certificate.name string, required The certificate’s name
data.certificate.pem string, required Certificate in pem format
Can raise: WrongRequiredFields
data.certificate.type string, required QSEAL or QWAC
Allowed values: qseal, qwac
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "message": "example_data.message"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.message string, required Human readable message for developer.
Class Code Description
WrongRequiredFields 401 Specified required fields were not provided. More info in error_message
ValueOutOfRange 400 One of specified values are out of range.
JWTClaimMissing 400 Authorization Token expiration is not provided. Please specify exp alongside data field.
PublicKeyInvalid 400 Given public key is not a public key.
AuthorizationMissing 400 Authorization header is missing.
RequestFormatInvalid 400 Request format is wrong. Details are stored in error_message
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.

Callbacks

Example of unpacked Authorization header with session identifier

{
  "data": {
    "session": {
      "id": "79",
      "secret": "8ee0cb1722615ebe_1510819559"
    }
  },
  "exp": 1565622287
}

Example of unpacked Authorization header with payment identifier

{
  "data": {
    "session": {
      "id": "79",
      "secret": "8ee0cb1722615ebe_1510819559"
    },
    "payment": {
      "id": "31"
    }
  },
  "exp": 1565622287
}

For all asynchronous actions, such as authorizing an access token, creating a payment or refreshing account information, Salt Edge PSD2 Compliance Solution will send callbacks to the requesting TPP Application. The callback will be delivered to the “callback URL”, which can be configured for each TPP Application separately in the Applications section of TPP dashboard.

Each callback will include an Authorization header that will consist of grant type Bearer followed by a JWT signed using Salt Edge PSD2 Compliance Solution private key and RS256 algorithm. When decoded, this JWT will include exp and data claims. All relevant information will be wrapped into data claim. More information regarding JWT can be found here

The payload contains the session information (id and secret). Additionally, during the payment flow it will contain the payment information (id). The example of payload can be seen at the right.

All Errors

During any request or flow originating either on TPP or Salt Edge PSD2 Compliance side, a number of errors may appear. In order to standardize errors while still giving some degree of freedom in explaining an error callback parameters should include both error_class and error_message. Error message serves the purpose of communicating the issue to the End-Customer, whereas error class should be used by TPPs in order to be able to handle various scenarios.

Contents of the error_message are entirely up to the Provider, they may even be localized. However, values sent within error_class parameter should be from the standardized list. This list may and will be extended over time.

Class Description
Deprecated Specified resource has been deprecated and cannot be used anymore.
AccountNotFound Account specified in request does not exist or cannot be retrieved.
CustomerNotFound Customer specified in request does not exist or cannot be retrieved.
PaymentNotFound Payment specified in request does not exist or cannot be retrieved.
ProviderNotFound Provider specified in request does not exist or cannot be retrieved.
RouteNotFound Wrong request URL.
OauthAppNotFound OAuth Application specified in request does not exist or cannot be retrieved.
SessionNotFound Session specified in request does not exist or cannot be retrieved.
TemplateNotFound Template specified in request does not exist or cannot be retrieved.
FetchingError There were some problems while fetching Customer’s data. Please, retry later.
ClientDisabled Cooperation with specified Client is impossible.
ProviderDisabled Cooperation with specified Provider is impossible.
InternalServerError Something went wrong on our side. You can report this behaviour, but most probably our developers have already started working on it.
InternalProviderError Something went wrong on Provider(ASPSP) side.
AuthorizationTypeNotFound Authorization Type specified in request does not exist or cannot be retrieved.
WrongRequiredFields Specified required fields were not provided. More info in error_message
TokenExpired Token specified in request is expired and cannot be used.
TokenNotFound Token specified in request does not exist or cannot be retrieved.
AuthTokenNotFound Token specified in request does not exist or cannot be retrieved.
TokenRevoked Token specified in request is revoked and cannot be used anymore.
ClientNotFound Client specified in request does not exist or cannot be retrieved.
SessionExpired Found session has been expired and cannot be processed anymore.
EncodingInvalid Given data cannot be encoded on our side. Please use utf-8 encoding.
ScopesInvalid Specified scopes don’t match with the ones specified in Provider or OAuthApp. More info in error_message
ConfigurationError Missing configurations in dashboard.
PublicKeyInvalid Given public key is not a public key.
RequestFormatInvalid Request format is wrong. Details are stored in error_message
ValueOutOfRange One of specified values are out of range.
SessionClosed Session specified in request has been already closed and cannot be modified.
JWTDecodeError Authorization Token header has wrong format.
JWTExpiredSignature Authorization Token header has been expired.
JWTVerificationError SaltEdge PSD2 Compliance could not verify specified Authorization Token
JWTIncorrectAlgorithm Authorization Token was encrypted with incorrect algorithm. Please use RSA256 algorithm for ecnrypting.
JWTClaimMissing Authorization Token expiration is not provided. Please specify exp alongside data field.
AuthorizationMissing Authorization header is missing.
TokenMissing This request cannot be performed without Access_Token header.
RefreshTokenMissing This request cannot be performed without Refresh-Token header.
ActionNotAllowed You’re not allowed to perform this action. This might be a configuration problem or parameters incompatibility.
TrustedBeneficiaryNotFound Trusted Beneficiary specified in request does not exist or cannot be retrieved.

Accounts

Accounts All

Returns all accounts belonging to a Customer and all relevant information about them. This endpoint should be called after refreshing Customer data on Salt Edge side.

Request

GEThttps://priora.saltedge.com/api/v2/accounts/all

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InBlcl9wYWdlIjoyMCwiZnJvbV9pZCI6NzkyfSwiZXhwIjoxNTcxMTM1NDYyfQ.qfjScYgqi0kMEz84IyHAcOrEO1FsyY-aq9fUEka4jNzoeENaM8KELNwzPX-4Puiimzz9XIuICg5Tkm050yhM15DRwBJLApEe1mtnylejoMZs_uDqm7lyq51xr3tTP_nuWPO8zwVgipzTEvUooMevKn2pyIqTlo3roYu2G8PvUHvx0FAnbUBgyIeZDDvYZ72tFpMHQPMspcLH_H4TciqZbkxxCct8VaKE6E5h8AIGHv0whWj0wJubb3tsK1vfSgDOo1GAUZ3OV-0rCyuoOy0KhCvqwqoU5vdwfKGaFBRxMod43Owr4_QiSZ5afvKJTD90mO6hfprGlkRr-S8_9Uwe_w"
 -H "App-Id: CF4XwnFaEQPL_CJ61L0orw"
 -H "App-Secret: QcRQQCSbIGQvO3m5Y9z-yA"
 -H "Access-Token: 1b53bae029924a66839bbfc7df00199d232ce09e1a96d7b6d43bdaf43e8689aef58f0ebc5857e0f2a475dd75f2c9204fe46c4b2deea46c629024df3c3e96426d"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/accounts/all"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "per_page": 20,
    "from_id": 637
  },
  "exp": 1571135462
}
Parameter Type Description
data hash, required Wrapper for the data.
data.from_id integer, optional Return all accounts starting with a specific id.
Values greater than: 0Can raise: ValueOutOfRange
data.per_page integer, optional Number of accounts that should be returned per request.
Default value: 20Values in range between: 1 and 1000Can raise: ValueOutOfRange
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": [
    {
      "id": "525",
      "name": "Example Name",
      "nature": "debit_card",
      "iban": "FK22RAND01090557396784",
      "number": "165356283",
      "sort_code": "25-21-63",
      "swift_code": "ixTEr",
      "currency_code": "USD",
      "balance": -10.72,
      "available_amount": -10.72,
      "provider_account_id": "276",
      "extra": {
      },
      "payment_account": true,
      "created_at": "2019-10-15T10:29:02.423Z",
      "updated_at": "2019-10-15T10:29:02.423Z"
    }
  ],
  "meta": {
    "time": "2019-10-15T10:29:02.423Z",
    "next_id": 648
  }
}
Response Type Description
data array, required Wrapper for the data.
data.available_amount float, required Physically available funds.
data.balance float, required Account balance.
data.created_at datetime, required Datetime of account creation on Priora side.
data.currency_code string, required Account currency code in ISO 4217.
data.extra hash, optional Any extra information related to an account that is deemed relevant.
Default value: {}
data.iban string, optional International Bank Account Number.
data.id string, required Account identifier on Priora.
data.name string, required Human readable account name.
data.nature string, required Account nature.
Allowed values: account, card, debit_card, credit_card, checking, savings, investment, bonus, loan, credit, insurance, ewallet, mortgage
data.number string, optional Account number identifier within Bank.
data.payment_account boolean, required Specifies whether account can be used to initiate payments.
Allowed values: true, false
data.provider_account_id string, required ID that uniquely identifies this account in provider’s system.
data.sort_code string, optional Used to identify bank accounts in United Kingdom and Ireland.
data.swift_code string, optional Business Identifier Code.
data.updated_at datetime, required Datetime of last account updation on Priora side.
meta hash, required Wrapper for the response metadata.
meta.next_id integer, optional Id of the next entity used in paginated responses.
meta.time datetime, required Time when the request was processed.
Class Code Description
ValueOutOfRange 400 One of specified values are out of range.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Accounts Holder

Returns holder information that belongs to a Customer. This endpoint should be called after refreshing Customer data on Salt Edge side.

Request

GEThttps://priora.saltedge.com/api/v2/accounts/holder

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTcxMTM1NDYyfQ.G2LzGd0-dXrvdHdJce2WvowFmtZ81zD98SYDqYRX4boJT35k8-zW2u1rIXCccN1uS61OYBsvYot4CbrE1tKBVIBiLQztYEDfDrD1mzK_B8fM4ERsy0ZELafUrHi2TMrnjntMO5SdAARNPo435sxbaIGpSTZnZ28TrvNgype9XR4czfH_pc3Vz4myxrt9_Cjy3Pp19lu8Cxb9bmSRr2G_BVDFCHbLKqzuio3NP0amWpml1bXW6uebOe6kR-OnRJQuvoK4AO0oQC9695d7QVwx6PBZCKRekqAw1HCME1NgWX88WwqmU3KEoYsMyDyeF_jAXmK4ebxG16f1e5aPttrU_Q"
 -H "App-Id: flNmxkZhYddabMiChtPYTg"
 -H "App-Secret: Mp8m2i11OHT6fGp3Krt25Q"
 -H "Access-Token: 3b8ba5d25d0416985423bdf9023046aad742a7a3976c6dbc4d0dccd8437fd06c79c3547a71d94f7674182a9711f630a6b6462be4663ce70bdc8f21ff0c065ead"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/accounts/holder"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1571135462
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "name": "Example Name",
    "email": "example@example.com",
    "phone": "467002918",
    "address": "409 Broadway GUILDFORD",
    "date_of_birth": "2019-10-15T10:29:02.326Z"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.address string, optional Customer adress.
data.date_of_birth string, optional Customer date of birth in datetime format.
data.email string, optional Customer email.
data.name string, optional Customer name.
data.phone string, optional Customer phone number.
Class Code Description
ValueOutOfRange 400 One of specified values are out of range.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Accounts Payment

Returns accounts that are available for making payments and belong to a Customer. This endpoint should be called after refreshing Customer data on Salt Edge side.

Request

GEThttps://priora.saltedge.com/api/v2/accounts/payment

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTcxMTM1NDYyfQ.G2LzGd0-dXrvdHdJce2WvowFmtZ81zD98SYDqYRX4boJT35k8-zW2u1rIXCccN1uS61OYBsvYot4CbrE1tKBVIBiLQztYEDfDrD1mzK_B8fM4ERsy0ZELafUrHi2TMrnjntMO5SdAARNPo435sxbaIGpSTZnZ28TrvNgype9XR4czfH_pc3Vz4myxrt9_Cjy3Pp19lu8Cxb9bmSRr2G_BVDFCHbLKqzuio3NP0amWpml1bXW6uebOe6kR-OnRJQuvoK4AO0oQC9695d7QVwx6PBZCKRekqAw1HCME1NgWX88WwqmU3KEoYsMyDyeF_jAXmK4ebxG16f1e5aPttrU_Q"
 -H "App-Id: QS3-fe3E_M71036M-6zmqg"
 -H "App-Secret: 1fBC-mFMQK0UbxhIo2Zwzg"
 -H "Access-Token: 9c54daf4822be17da822ced0329263021e7f45b4a80bce44bdf85e917db7a28df3d9c1851c9a6eeb236a390636a559254241d11de556a6dc14fec05707891201"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/accounts/payment"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1571135462
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": [
    {
      "id": "340",
      "name": "Example Name",
      "nature": "card",
      "iban": "FK65RAND25232144306692",
      "number": "987182538",
      "sort_code": "64-46-24",
      "swift_code": "rmfnX",
      "currency_code": "GBP",
      "provider_account_id": "874",
      "created_at": "2019-10-15T10:29:02.355Z",
      "updated_at": "2019-10-15T10:29:02.356Z"
    }
  ]
}
Response Type Description
data array, required Wrapper for the data.
data.created_at datetime, required Datetime of account creation on Priora side.
data.currency_code string, required Account currency code in ISO 4217.
data.iban string, optional International Bank Account Number.
data.id string, required Account identifier on Priora.
data.name string, required Human readable account name.
data.nature string, required Account nature.
Allowed values: account, card, debit_card, credit_card, checking, savings, investment, bonus, loan, credit, insurance, ewallet, mortgage
data.number string, optional Account number identifier within Bank.
data.provider_account_id string, required ID that uniquely identifies this account in provider’s system.
data.sort_code string, optional Used to identify bank accounts in United Kingdom and Ireland.
data.swift_code string, optional Business Identifier Code.
data.updated_at datetime, required Datetime of last account updation on Priora side.
Class Code Description
ValueOutOfRange 400 One of specified values are out of range.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Accounts Refresh

Initiates the process of refreshing Customer data (accounts, transactions, holder info) on Salt Edge PSD2 Compliance side from the ASPSP which issued the access token.

Request

PUThttps://priora.saltedge.com/api/v2/accounts

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImZyb21fZGF0ZSI6IjIwMTktMDctMTUiLCJ0b19kYXRlIjoiMjAxOS0xMC0xNSIsImluaXRpYXRlZF9ieV9jdXN0b21lciI6ZmFsc2V9LCJleHAiOjE1NzExMzU0NjJ9.ec9KRaAZ0EaWQih3PwbCMAXi6M-_pFx7H0_zQr40MxkDSrcxoC5xVex2buJXoPc5s-TOHuoJu69GujzEkiHoHzKE0fveEZzhVPlpVwdZcfd_vXF5HhlI_SZLScR6ahe9ift59c4OhUyz7F_bJKmAPUHqmEoaJoVDuNG84u7zcvuzkm1cNO43PmCUXvudQ7UcuSEUJhAMzATON4ETg3wHU-UrZY8M9V6MBIlvhaEb1RFkcNMZVg9ZO7jNnPEmBpEd4g_L3gHV5xWcnf0-gQa1-CYPvXaWwj7l0ulpxxz8cbb8KQ9kyXiW8OatFMphI7QGpnmHTnjVrKw5g_LhGPpxPQ"
 -H "App-Id: 0UuGui7Z9Li3TgDloOHWew"
 -H "App-Secret: tUKMB4J0L5z23yVWrieDVw"
 -H "Access-Token: b652017778bcaa186d610a5f331e1bf5a903290a8a05696056f6da4a3f662e8af5ab60293d78266ee25e94b4e0ba89a07104dc733a97fb8f9f1269b296550ec7"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X PUT "https://priora.saltedge.com/api/v2/accounts"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "from_date": "2019-07-15",
    "to_date": "2019-10-15",
    "initiated_by_customer": true
  },
  "exp": 1571135462
}
Parameter Type Description
data hash, required Wrapper for the data.
data.from_date datetime, optional Specifies the starting date in ISO 8601: “yyyy-mm-dd” format, from which account data should be fetched. This value will be set to 90 days ago by default.
Default value: 3 months ago.
data.initiated_by_customer boolean, optional Defines whether request was initiated by customer or automatically.
Default value: falseCan raise: ActionNotAllowed
data.to_date datetime, optional Specifies the ending date in ISO 8601: “yyyy-mm-dd” format, to which account data should be fetched. This value will always be the today’s date by default.
Default value: Today.
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "session_secret": "y_WUsu-GrZL38f4pV8Kv"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.session_secret string, required Session identifier in Salt Edge PSD2 Compliance.
Class Code Description
ActionNotAllowed 406 You’re not allowed to perform this action. This might be a configuration problem or parameters incompatibility.
ValueOutOfRange 400 One of specified values are out of range.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Accounts Transactions

Returns transactions for a specific account. This endpoint should be called after refreshing Customer data on Salt Edge side.

Request

GEThttps://priora.saltedge.com/api/v2/accounts/:account_id/transactions

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InBlcl9wYWdlIjoyMCwiZnJvbV9pZCI6MzUxfSwiZXhwIjoxNTcxMTM1NDYyfQ.NzbcFfDstYkFcZCWtaBp0ofzhC4WUhkSgMuJ4u27TkKEdE_ZnO9EJiQbB1uvTvgEK9fCa5oIxgmMKzKFNCOkjROFZoIwBIBAg2AFOcu7Ekl7_uaiJh4vGg1oZNOroHDiMriE8C2GWZtSJKPlacGuyPqlgwrOKfeJA_pHC7SZ-vRpr9953PnWVHVvcwo1lk7r3AyKcXfeWocBKQqhZYlh59645zMrDNabz7p0aaRMJc4vsOEepYom--dwKT_2g7vgcR-NyDvBNhLwkB4CWEjQ_Qg_VKdfRREkMHSvH9RIKBwi5vjyuO0n-BKEihdmPBb91_PbYaoQ4_OLzNwiwpD0kg"
 -H "App-Id: 6wmBP9uSHtadvQX5gZK1cg"
 -H "App-Secret: 1wCtniKRL5EXZHM9fqsguQ"
 -H "Access-Token: 23b156119b4b58f65e12191353d70265cc96f81ec8bf32adfe55b6152998c2e732dc5c3fedd35898c6ba738e41d5cbb0f49caeea1e9f278f9d0f25eda6204617"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/accounts/:account_id/transactions"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "per_page": 20,
    "from_id": 391
  },
  "exp": 1571135462,
  "account_id": 534
}
Parameter Type Description
account_id integer, required Account identifier on Priora.
Can raise: AccountNotFound
data hash, required Wrapper for the data.
data.from_id integer, optional Return transactions starting with a specific id.
Values greater than: 0Can raise: ValueOutOfRange
data.per_page integer, optional Number of transactions that should be returned per request.
Default value: 20Values in range between: 1 and 1000Can raise: ValueOutOfRange
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": [
    {
      "id": 283,
      "account_id": 62,
      "currency_code": "GBP",
      "amount": -1.69,
      "fees": [
        {
        }
      ],
      "description": "example_data.description",
      "extra": {
      },
      "provider_transaction_id": "617",
      "made_on": "2019-10-15T10:29:02.390Z",
      "status": "pending",
      "category": "example_data.category",
      "created_at": "2019-10-15T10:29:02.390Z",
      "updated_at": "2019-10-15T10:29:02.390Z"
    }
  ],
  "meta": {
    "time": "2019-10-15T10:29:02.390Z",
    "next_id": 180
  }
}
Response Type Description
data array, required Wrapper for the data.
data.account_id integer, required Account identifier on Priora.
data.amount float, required Transaction amount
data.category string, optional Transaction category defined on ASPSP side.
data.created_at datetime, required Datetime of transaction creation on Priora side.
data.currency_code string, required Transaction currency code in ISO 4217.
data.description string, required Transaction description.
data.extra hash, optional Any data relevant to the transaction.
Default value: {}
data.fees array, required List of all fees applied to the given transation.
data.id integer, required Transaction identifier on Priora.
data.made_on datetime, required Date on which transaction was processed.
data.provider_transaction_id string, required Transaction identifier on ASPSP side.
data.status string, required Transaction status.
Allowed values: posted, pending
data.updated_at datetime, required Datetime of transaction updation on Priora side.
meta hash, required Wrapper for the response metadata.
meta.next_id integer, optional Id of the next entity used in paginated responses.
meta.time datetime, required Time when the request was processed.
Class Code Description
ValueOutOfRange 400 One of specified values are out of range.
AccountNotFound 404 Account specified in request does not exist or cannot be retrieved.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Payments

Payment Statuses

The current stage of a payment lifecycle is represented in status field. The status of a payment can be one of the following:

Name Description
processing Priora is processing the request or response.
redirect Provider requires a redirect for authentication.
waiting_confirmation Provider is waiting for the consent of Customer.
waiting_confirmation_code Provider is waiting for a confirmation code, be it OTP for authentication or Dynamic linking for performing a payment.
closed Session is closed.

Payments Show

Endpoint used to fetch all data relevant to a payment including fees, status and other.

Request

GEThttps://priora.saltedge.com/api/v2/payments/:id

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTcxMTM1NDYyfQ.G2LzGd0-dXrvdHdJce2WvowFmtZ81zD98SYDqYRX4boJT35k8-zW2u1rIXCccN1uS61OYBsvYot4CbrE1tKBVIBiLQztYEDfDrD1mzK_B8fM4ERsy0ZELafUrHi2TMrnjntMO5SdAARNPo435sxbaIGpSTZnZ28TrvNgype9XR4czfH_pc3Vz4myxrt9_Cjy3Pp19lu8Cxb9bmSRr2G_BVDFCHbLKqzuio3NP0amWpml1bXW6uebOe6kR-OnRJQuvoK4AO0oQC9695d7QVwx6PBZCKRekqAw1HCME1NgWX88WwqmU3KEoYsMyDyeF_jAXmK4ebxG16f1e5aPttrU_Q"
 -H "App-Id: X4mDantWSM8eHNkzmiwLzw"
 -H "App-Secret: xuOOY4JenU1YRBZbZDOSdA"
 -H "Access-Token: ba5841695cc81b0a2f837b664a02f7884b1cff7d3f9f94febe6bbd10d5e189297aa2aecc4672e28893c742f959b22e4999b6451ef5934c723165c1f813f82fce"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/payments/:id"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1571135462,
  "id": 744
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange
id integer, required Payment identifier in Salt Edge PSD2 Compliance.
Can raise: PaymentNotFound

Response

Example of response

{
  "data": {
    "id": 654,
    "status": "waiting_confirmation_code",
    "description": "example_data.description",
    "fees": [
      {
      }
    ],
    "payment_attributes": {
      "required_key": "value"
    },
    "session": {
      "id": 868,
      "secret": "sx52wRn-m9vWdtxcs-F7",
      "status": "fetched_kyc",
      "events": [
        {
        }
      ],
      "success_at": "2019-10-15T10:29:02.871Z",
      "expires_at": "2019-10-15T10:29:02.871Z",
      "fail_at": "2019-10-15T10:29:02.871Z",
      "fail_message": "example_data.session.fail_message"
    },
    "created_at": "2019-10-15T10:29:02.872Z",
    "updated_at": "2019-10-15T10:29:02.872Z"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.created_at datetime, required Datetime of payment creation.
data.description string, required Payment’s description.
data.fees array, required List of all fees applied to given payment.
Default value: []
data.id integer, required Payment identifier in Salt Edge PSD2 Compliance.
data.payment_attributes hash, required All attributes (required and optional) that belong to a payment template which customer fills before creating the payment order.
data.session hash, required Related session.
data.session.events array, required Related session’s events.
data.session.expires_at datetime, required Datetime of session expiration.
data.session.fail_at datetime, optional Datetime of session failure.
data.session.fail_message string, optional Session fail message.
data.session.id integer, required Payment identifier in Salt Edge PSD2 Compliance.
data.session.secret string, required Another session identifier that can be used for session lookup and confirmation.
data.session.status string, required Current status of the payment.
Allowed values: processing, redirect, waiting_confirmation, waiting_confirmation_code, executing, closed, fetched_kyc, fetched_accounts, fetched_transactions, fetched_trusted_beneficiaries
data.session.success_at datetime, optional Datetime of session successful closure.
data.status string, required Current status of the payment.
Allowed values: processing, redirect, waiting_confirmation, waiting_confirmation_code, closed
data.updated_at datetime, required Datetime of last payment updation.
Class Code Description
ValueOutOfRange 400 One of specified values are out of range.
PaymentNotFound 404 Payment specified in request does not exist or cannot be retrieved.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Payments Create

Create a payment order on behalf of Customer

Request

POSThttps://priora.saltedge.com/api/v2/payments

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InByb3ZpZGVyX2NvZGUiOiJkZW1vYmFuayIsInRlbXBsYXRlX2lkIjo5NzksInJlZGlyZWN0X3VybCI6Imh0dHBzOi8vdXNlci53aWxsLmJlL3JlZGlyZWN0ZWQvaGVyZSIsImJlbmVmaWNpYXJ5X2lkIjozNjgsImZvcmNlX3NjYSI6dHJ1ZSwiZXh0cmEiOnt9LCJwYXltZW50X2F0dHJpYnV0ZXMiOnsicmVxdWlyZWRfa2V5IjoidmFsdWUifX0sImV4cCI6MTU3MTEzNTQ2Mn0.mHHGpI0wpkh5zq6HIj_VZk1JDmmQvWE2tDvfYiuneRDm3FoLpzq67N1oNm3GxBx2BO-Z40IYlIGuJ1KPV4ACsiG3amuc-zJ1oHKXUaFESjjucuskfrv_m-lg2iVmNhNmH6Cbhjt0mP-LSUlAV61BO2rIn2-6yxbVp7XIsYsxn_Dbz84WZBL1gRF9Oi_N79ozGvfCnyvq-grymbFMqnpx-RWHfwhgxik4ukmNiRGe0CSpnFZ3beSaiesaX4Pm-Gvh6l_CDHjw5vkaMDIOviiwhpjBRsgAleGPuzDqqakSjmjVVCe8yUY784v3wkD4iwlYip-bIpzvc92-2jVhwZMFhA"
 -H "App-Id: 1I4spW90bT6WXiEjpZ0oTg"
 -H "App-Secret: 48uhG9j-0UEMEPV_tOm6ug"
 -H "Access-Token: 84c829d7ee0baac8210cd6868a0be370ec318efcea7cbc1b88c6a55977834e107fc80a7eea02a42f024b301af36f490890793ae57af75d68b6195507546cb2c9"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X POST "https://priora.saltedge.com/api/v2/payments"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "provider_code": "demobank",
    "template_id": 48,
    "redirect_url": "https://user.will.be/redirected/here",
    "beneficiary_id": 626,
    "force_sca": true,
    "extra": {
    },
    "payment_attributes": {
      "required_key": "value"
    }
  },
  "exp": 1571135462
}
Parameter Type Description
data hash, required Wrapper for the data.
data.beneficiary_id integer, optional Trusted Beneficiary identifier.
Can raise: TrustedBeneficiaryNotFound
data.extra hash, optional Extra details that should be persisted into session.
Default value: {}
data.force_sca boolean, optional Whether to disregard exemptions and force SCA as a required step to process the payment.
data.payment_attributes hash, required All attributes (required and optional) that belong to a payment template which customer fills before creating the payment order.
data.provider_code string, required Human readable Provider identifier.
Can raise: ProviderNotFound, AccessDenied
data.redirect_url string, optional The URL that the customer will be redirected to proceed with payment. Used for oauth flow.
data.template_id integer, required Payment template identifier on Salt Edge PSD2 Compliance side.
Can raise: TemplateNotFound
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "id": 760,
    "status": "example_data.status",
    "description": "example_data.description",
    "fees": [
      {
      }
    ],
    "payment_attributes": {
      "required_key": "value"
    },
    "session": {
      "id": 66,
      "secret": "mRPjK7kMUCxMvWXyii9d",
      "status": "fetched_accounts",
      "events": [
        {
        }
      ],
      "success_at": "2019-10-15T10:29:02.936Z",
      "expires_at": "2019-10-15T10:29:02.936Z",
      "fail_at": "2019-10-15T10:29:02.936Z",
      "fail_message": "example_data.session.fail_message"
    },
    "created_at": "2019-10-15T10:29:02.936Z",
    "updated_at": "2019-10-15T10:29:02.936Z"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.created_at datetime, required Datetime of payment creation.
data.description string, required Payment’s description.
data.fees array, required List of all fees applied to given payment.
Default value: []
data.id integer, required Payment identifier in Salt Edge PSD2 Compliance.
data.payment_attributes hash, required All attributes(required and optional) that are needed for a successful payment initiation.
data.session hash, required Related session.
data.session.events array, required Related session’s events.
data.session.expires_at datetime, required Datetime of session expiration.
data.session.fail_at datetime, optional Datetime of session failure.
data.session.fail_message string, optional Session fail message.
data.session.id integer, required Payment identifier in Salt Edge PSD2 Compliance.
data.session.secret string, required Another session identifier that can be used for session lookup and confirmation.
data.session.status string, required Current status of the payment.
Allowed values: processing, redirect, waiting_confirmation, waiting_confirmation_code, executing, closed, fetched_kyc, fetched_accounts, fetched_transactions, fetched_trusted_beneficiaries
data.session.success_at datetime, optional Datetime of session successful closure.
data.status string, required Current status of the payment.
data.updated_at datetime, required Datetime of last payment updation.
Class Code Description
ProviderNotFound 404 Provider specified in request does not exist or cannot be retrieved.
AccessDenied 401 Action you want to perform is not allowed. More in error_message
TemplateNotFound 404 Template specified in request does not exist or cannot be retrieved.
TrustedBeneficiaryNotFound 404 Trusted Beneficiary specified in request does not exist or cannot be retrieved.
ValueOutOfRange 400 One of specified values are out of range.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Payments Confirm

This endpoint is used for processing additional interactive steps in the process of payment creation.

Request

PUThttps://priora.saltedge.com/api/v2/payments/:id

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNyZWRlbnRpYWxzIjoib2F1dGgifSwiZXhwIjoxNTcxMTM1NDYyfQ.IZnlj-4ypEw8ypASnl1bXsQZ94RyL_fX_APzEMRNomk3K2YGpWLaLlLn0TdAamPyhBY0z-CFRng0nUS7_vKQ5Qzz4C7dAVsWMxBgHGm2sm4fe648vs9yw86bSfLEMO2358owYxH8lU71QoMI3wSv1t67_OITqMBxenqzYt-Z9M2N71LW9ORAe6nY40AR4CU51WT_AKDV9usxa9StrEIPNzBrpOc3SKjL7c8NLS1ICP8cMwwI_GQt8v6fp0HaJAvd2VOPYCaj2rUDGlzZTRgr78i0tkP4fWyL03uDPdFQcrKCp8-R1dI8bWLHPSxvYf7OyRvt9F87MSDrkzXLLWZIRA"
 -H "App-Id: zLFwaF3KLcMA_NOAKMCXsQ"
 -H "App-Secret: tK0wqB14FEWtpiBHCHeshw"
 -H "Access-Token: 44db26565cac908c7cb73d5261e8f44416b7db44918f10df39fbf820d15cb1bf63e2686b6602e67839de301bbbf9d489afa974addb724a13320b4cfad2b431ba"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X PUT "https://priora.saltedge.com/api/v2/payments/:id"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "credentials": "oauth"
  },
  "exp": 1571135462,
  "id": 168
}
Parameter Type Description
data hash, required Wrapper for credentials pair.
data.credentials hash, required Wraps Customer credentials, it is used for both first(e.g. login, password) and second factors(e.g. one time password). Contents may vary depending on authorization types supported by your Bank.
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange
id integer, required Payment identifier in Salt Edge PSD2 Compliance.
Can raise: PaymentNotFound, SessionClosed, SessionExpired

Response

Example of response

{
  "data": {
    "id": 213,
    "status": "example_data.status",
    "description": "example_data.description",
    "fees": [
      {
      }
    ],
    "payment_attributes": {
      "required_key": "value"
    },
    "session": {
      "id": 911,
      "secret": "vFKwuq8RbMTy7oiVmyzm",
      "status": "executing",
      "events": [

], "success_at": "2019-10-15T10:29:02.973Z", "expires_at": "2019-10-15T10:29:02.973Z", "fail_at": "2019-10-15T10:29:02.973Z", "fail_message": "example_data.session.fail_message" }, "created_at": "2019-10-15T10:29:02.973Z", "updated_at": "2019-10-15T10:29:02.973Z" } }

Response Type Description
data hash, required Wrapper for credentials pair.
data.created_at datetime, required Datetime of payment creation.
data.description string, required Payment’s description.
data.fees array, required List of all fees applied to given payment.
Default value: []
data.id integer, required Payment identifier in Salt Edge PSD2 Compliance.
data.payment_attributes hash, required All attributes (required and optional) that belong to a payment template which customer fills before creating the payment order.
data.session hash, required Related session.
data.session.events array, required Related session’s events.
data.session.expires_at datetime, required Datetime of session expiration.
data.session.fail_at datetime, optional Datetime of session failure.
data.session.fail_message string, optional Session fail message.
data.session.id integer, required Payment identifier in Salt Edge PSD2 Compliance.
data.session.secret string, required Another session identifier that can be used for session lookup and confirmation.
data.session.status string, required Current status of the payment.
Allowed values: processing, redirect, waiting_confirmation, waiting_confirmation_code, executing, closed, fetched_kyc, fetched_accounts, fetched_transactions, fetched_trusted_beneficiaries
data.session.success_at datetime, optional Datetime of session successful closure.
data.status string, required Current status of the payment.
data.updated_at datetime, required Datetime of last payment updation.
Class Code Description
ValueOutOfRange 400 One of specified values are out of range.
PaymentNotFound 404 Payment specified in request does not exist or cannot be retrieved.
SessionClosed 400 Session specified in request has been already closed and cannot be modified.
SessionExpired 401 Found session has been expired and cannot be processed anymore.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Payments Destroy

Cancel the payment that is in the process of creation, meaning it has not been confirmed yet.

Request

DELETEhttps://priora.saltedge.com/api/v2/payments/:id

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTcxMTM1NDYyfQ.G2LzGd0-dXrvdHdJce2WvowFmtZ81zD98SYDqYRX4boJT35k8-zW2u1rIXCccN1uS61OYBsvYot4CbrE1tKBVIBiLQztYEDfDrD1mzK_B8fM4ERsy0ZELafUrHi2TMrnjntMO5SdAARNPo435sxbaIGpSTZnZ28TrvNgype9XR4czfH_pc3Vz4myxrt9_Cjy3Pp19lu8Cxb9bmSRr2G_BVDFCHbLKqzuio3NP0amWpml1bXW6uebOe6kR-OnRJQuvoK4AO0oQC9695d7QVwx6PBZCKRekqAw1HCME1NgWX88WwqmU3KEoYsMyDyeF_jAXmK4ebxG16f1e5aPttrU_Q"
 -H "App-Id: axxgxyw-YAqsIP1RHuZjoA"
 -H "App-Secret: rGCxmvT11KPbdRZXc283uA"
 -H "Access-Token: 34c1b0b48de16b79b46cb27a14271322b302de741fb9263267d9df2391a34e87bc4a41ffcf1300bff48bbfbbbb4a7cfc9168670560c441b5301c6ce157417e22"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X DELETE "https://priora.saltedge.com/api/v2/payments/:id"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1571135462,
  "id": 837
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange
id integer, required Payment identifier in Salt Edge PSD2 Compliance.
Can raise: PaymentNotFound, SessionClosed, SessionExpired

Response

Example of response

{
  "data": {
    "payment_id": 548
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.payment_id integer, required Payment identifier on Connector side. Used to map Salt Edge PSD2 Compliance payments to Connector ones.
Class Code Description
ValueOutOfRange 400 One of specified values are out of range.
PaymentNotFound 404 Payment specified in request does not exist or cannot be retrieved.
SessionClosed 400 Session specified in request has been already closed and cannot be modified.
SessionExpired 401 Found session has been expired and cannot be processed anymore.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Funds Availability

Fundsavailability Check

This endpoint is used to check availability of funds for a specific account.

Request

POSThttps://priora.saltedge.com/api/v2/payments/check_funds

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImFtb3VudCI6MTMuMzQsImN1cnJlbmN5X2NvZGUiOiJFVVIiLCJhY2NvdW50IjoiZXhhbXBsZV9kYXRhLmFjY291bnQifSwiZXhwIjoxNTcxMTM1NDYzfQ.R7w_xsbipLuW4Z85WDr_SYyEZW9Cx6ibi_u-znOeflzRmX7PmPypVMO6YMdjpIvByBz4-q3VIva798RvkJXefykZm5CbRg85aFL_LTDUH5h5RBcVr5TOlg2ISxUlrazhmQ7obyJZV39KvU0M-nhBV0wlnfhOSLiCakOah63SW-K8x4Vh25qEwERavwnP2h8XGlzbBxI0Yta-9J28hDaMFuLYo3U1t4hWKD8rjlfTAkNTkw8pT4ijVYG-zX84ecqP9Uc9U853gbVdWuezs4PWBtScm33znq9e2yGEqFjlmRKP1-bnYgTB-1GVOdNDPqZQLmXB4VFFgtmjrbE4pYaT_g"
 -H "App-Id: CC7UiUUl4OKXV8092nYtbA"
 -H "App-Secret: 5lku48JVZjMIenVGwDXPdA"
 -H "Access-Token: fd4c08fdb07bac733b420d0424b2027effde3d61910713428cee2c1d493d2588189cfe9c57c6dabfe76a8b893dd512fb49ab277593c4b419b704b8cb5ee9a416"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X POST "https://priora.saltedge.com/api/v2/payments/check_funds"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "amount": -49.75,
    "currency_code": "EUR",
    "account": "example_data.account"
  },
  "exp": 1571135463
}
Parameter Type Description
data hash, required Wrapper for the data.
data.account string, required Account number used to identify the account for prospective payment.
data.amount integer, required Amount to checked for availability.
Values greater than: 0Can raise: ValueOutOfRange
data.currency_code string, required Currency code of the amount to be checked.
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "session_secret": "XxaUsuJm1QonSqEhmXro"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.session_secret string, required Session identifier in Salt Edge PSD2 Compliance.
Class Code Description
ValueOutOfRange 400 One of specified values are out of range.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Providers

Providers Index

Returns all ASPSPs which have approved access for your TPP. More information could be found at #requesting-provider-access compartment.

Request

GEThttps://priora.saltedge.com/api/v2/providers

CURL

curl -i
 -H "App-Id: k0-_sdZV24MRsbIRu6z8Yg"
 -H "App-Secret: F2_N5m4r9M4CYt_yBpSlGQ"
 -H "Client-Request-Id: example_Client-Request-Id"
 -d '{
  "per_page": 20,
  "from_id": 175
}'
-X GET "https://priora.saltedge.com/api/v2/providers"

Headers

Header Type Description
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "per_page": 20,
  "from_id": 943
}
Parameter Type Description
from_id integer, optional Return providers starting with a specific id.
Values greater than: 0Can raise: ValueOutOfRange
per_page integer, optional Number of providers that should be returned per request or less.
Default value: 20Values in range between: 1 and 1000Can raise: ValueOutOfRange

Response

Example of response

{
  "data": [
    {
      "id": 850,
      "name": "Example Name",
      "code": "MdtBr",
      "connector_url": "https://user.will.be/redirected/here",
      "status": "test",
      "scopes": "transactions",
      "created_at": "2019-10-15T10:29:02.646Z",
      "updated_at": "2019-10-15T10:29:02.646Z",
      "authorization_types": [
        {
          "code": "9abay",
          "display_name": "Example Name",
          "scopes": [

], "instruction": "example_data.authorization_types.instruction", "extra": { }, "required_fields": [ { } ], "mfa_fields": [ { } ] } ] } ], "meta": { "time": "2019-10-15T10:29:02.647Z", "next_id": 657 } }

Response Type Description
data array, required Wrapper for the data.
data.authorization_types array, required Available authorization types.
data.authorization_types.code string, optional Serves to identify any authorization type within the scope of a Provider on Priora.
data.authorization_types.display_name string, optional Human readable name of given authorization type.
data.authorization_types.extra hash, optional Any extra dara related to the authorization type.
data.authorization_types.instruction string, optional Short instruction for the Customer.
data.authorization_types.mfa_fields array, optional List of all MFA(second+ step) authorization fields and their description.
data.authorization_types.required_fields array, optional List of all required(first step) authorization fields and their description.
data.authorization_types.scopes array, optional List of scopes(permissions) that can be obtained through specific authorization type.
data.code string, required ASPSP code in Priora.
data.connector_url string, required URL to Connector API layer implemented by ASPSP.
data.created_at datetime, required Datetime ASPSP registered in Priora.
data.id integer, required ASPSP identifier in Priora.
data.name string, required ASPSP name.
data.scopes integer, required Scopes supported by ASPSP.
Allowed values: accounts, transactions, kyc, payments, funds_availability, trusted_beneficiaries
data.status string, required Current status of ASPSP.
Allowed values: pending, disabled, test, live, sandbox
data.updated_at datetime, required Datetime ASPSP updated itself.
meta hash, required Wrapper for the response metadata.
meta.next_id integer, optional Id of the next entity used in paginated responses.
meta.time datetime, required Time when the request was processed.
Class Code Description
ValueOutOfRange 400 One of specified values are out of range.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.

Providers Templates

Returns all available payment templates which belong to a specific Provider.

Request

GEThttps://priora.saltedge.com/api/v2/providers/:provider_code/templates

CURL

curl -i
 -H "App-Id: 7eaaZ6_cLjdJ9c57QaQYpQ"
 -H "App-Secret: WZ-vGy_oSUVvFzFDyDs_8w"
 -H "Client-Request-Id: example_Client-Request-Id"
 -d '{
  "provider_code": "demobank"
}'
-X GET "https://priora.saltedge.com/api/v2/providers/:provider_code/templates"

Headers

Header Type Description
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "provider_code": "demobank"
}
Parameter Type Description
provider_code string, required Human readable Provider identifier.
Can raise: ProviderNotFound, AccessDenied

Response

Example of response

{
  "data": [
    {
      "id": 146,
      "description": "example_data.description",
      "provider_id": 676,
      "payment_type": "transfer",
      "default": false,
      "extra": {
      },
      "created_at": "2019-10-15T10:29:02.677Z",
      "updated_at": "2019-10-15T10:29:02.677Z",
      "payment_attributes": [
        {
          "attribute_name": "Example Name",
          "attribute_type": "text",
          "label": "example_data.payment_attributes.label",
          "optional": true,
          "position": 120,
          "values": [

] } ] } ] }

Response Type Description
data array, required Wrapper for the data.
data.created_at datetime, required Datetime of template creation on Priora side.
data.default boolean, required States whether given template is default or not.
Allowed values: true, false
data.description string, required Short description of payment template.
data.extra hash, required Extra details that should be persisted into session.
data.id integer, required Template identifier.
data.payment_attributes array, required Contains a list of payment attributes with their characteristics.
data.payment_attributes.attribute_name string, required Name of the attribute, should be used by application as input field name.
data.payment_attributes.attribute_type string, required Type of the input field that should be used.
Allowed values: text, number, dropdown
data.payment_attributes.label string, required Human readable label for presentation of the payment attribute.
data.payment_attributes.optional boolean, required Flag that shows whether the attribute is optional or not.
Allowed values: true, false
data.payment_attributes.position integer, required Position index of the attribute within payment template, should be considered when rendering the template.
data.payment_attributes.values array, optional List of possible values for a given payment attribute.
data.payment_type string, required Specifies the type of payment associated with a preregistered template.
data.provider_id integer, required Identifies Provider under which template was defined.
data.updated_at datetime, required Datetime of last template updation on Priora side.
Class Code Description
ProviderNotFound 404 Provider specified in request does not exist or cannot be retrieved.
AccessDenied 401 Action you want to perform is not allowed. More in error_message
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.

Sessions

Sessions Show

Due to the asynchronus nature of requests, most of responses represent a session_secret. This endpoint could be used to verify the currrent state of newly created sessions.

Request

GEThttps://priora.saltedge.com/api/v2/sessions/:secret

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTcxMTM1NDYyfQ.G2LzGd0-dXrvdHdJce2WvowFmtZ81zD98SYDqYRX4boJT35k8-zW2u1rIXCccN1uS61OYBsvYot4CbrE1tKBVIBiLQztYEDfDrD1mzK_B8fM4ERsy0ZELafUrHi2TMrnjntMO5SdAARNPo435sxbaIGpSTZnZ28TrvNgype9XR4czfH_pc3Vz4myxrt9_Cjy3Pp19lu8Cxb9bmSRr2G_BVDFCHbLKqzuio3NP0amWpml1bXW6uebOe6kR-OnRJQuvoK4AO0oQC9695d7QVwx6PBZCKRekqAw1HCME1NgWX88WwqmU3KEoYsMyDyeF_jAXmK4ebxG16f1e5aPttrU_Q"
 -H "App-Id: LmGNBNGeQBoieZcgw1foOw"
 -H "App-Secret: _0Ul4f-4Av4n_TKpzXyXLQ"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/sessions/:secret"

Headers

Header Type Description
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1571135462,
  "secret": "XPA2sV_xYHnet-jBR9sE"
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange
secret string, required Another session identifier that can be used for session lookup and confirmation.
Can raise: SessionNotFound

Response

Example of response

{
  "data": {
    "id": 289,
    "secret": "yuHXztitndXnCaWcfxy1",
    "status": "processing",
    "extra": {
      "scopes": [
        "accounts",
        "transactions",
        "kyc",
        "payments",
        "funds_availability",
        "trusted_beneficiaries"
      ]
    },
    "token": {
      "access_token": "hQvr5xL8T1aKYN5PDBMn",
      "refresh_token": "uYdCAupbseDMxsNYce_c",
      "expires_at": "2019-10-15T10:29:02.774Z"
    },
    "fail_at": "2019-10-15T10:29:02.774Z",
    "success_at": "2019-10-15T10:29:02.774Z",
    "created_at": "2019-10-15T10:29:02.774Z",
    "updated_at": "2019-10-15T10:29:02.774Z",
    "events": [
      {
      }
    ],
    "authorization_details": {
    },
    "customer_id": 480,
    "provider_code": "demobank"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.authorization_details hash, optional Data which was used for authorization.
data.created_at datetime, required Datetime of session creation.
data.customer_id integer, optional Salt Edge PSD2 Compliance customer id.
data.events array, required Session progress events.
data.extra hash, required Extra details that should be persisted into session.
data.extra.scopes array, optional Set of permissions for access token.
Allowed values: accounts, transactions, kyc, payments, funds_availability, trusted_beneficiaries
data.fail_at datetime, optional Datetime of session failure.
data.id integer, required Session identifier in Salt Edge PSD2 Compliance.
data.provider_code string, required Human readable Provider identifier.
data.secret string, required Another session identifier that can be used for session lookup and confirmation.
data.status string, required Conveys current status of the operation.
Allowed values: processing, redirect, waiting_confirmation, waiting_confirmation_code, executing, closed, fetched_kyc, fetched_accounts, fetched_transactions, fetched_trusted_beneficiaries
data.success_at datetime, optional Datetime of session successful closure.
data.token hash, optional Access token that will be used to access ASPSP data.
data.token.access_token string, required A unique string which grants access to TPP to perform actions for Customer.
data.token.expires_at datetime, required Datetime of token expiration.
data.token.refresh_token string, required Token which can be used to refresh an expired access token.
data.updated_at datetime, required Datetime of last session updation.
Class Code Description
ValueOutOfRange 400 One of specified values are out of range.
SessionNotFound 404 Session specified in request does not exist or cannot be retrieved.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.

Sessions Confirm

This endpoint is used for processing additional interactive steps in the process of access token creation.

Request

PUThttps://priora.saltedge.com/api/v2/sessions/:secret

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNyZWRlbnRpYWxzIjoib2F1dGgifSwiZXhwIjoxNTcxMTM1NDYyfQ.IZnlj-4ypEw8ypASnl1bXsQZ94RyL_fX_APzEMRNomk3K2YGpWLaLlLn0TdAamPyhBY0z-CFRng0nUS7_vKQ5Qzz4C7dAVsWMxBgHGm2sm4fe648vs9yw86bSfLEMO2358owYxH8lU71QoMI3wSv1t67_OITqMBxenqzYt-Z9M2N71LW9ORAe6nY40AR4CU51WT_AKDV9usxa9StrEIPNzBrpOc3SKjL7c8NLS1ICP8cMwwI_GQt8v6fp0HaJAvd2VOPYCaj2rUDGlzZTRgr78i0tkP4fWyL03uDPdFQcrKCp8-R1dI8bWLHPSxvYf7OyRvt9F87MSDrkzXLLWZIRA"
 -H "App-Id: xvQBrfg_4PKh_mPda3tGrw"
 -H "App-Secret: YZx3G60yp8BF8YYb0bm_xA"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X PUT "https://priora.saltedge.com/api/v2/sessions/:secret"

Headers

Header Type Description
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "credentials": "oauth"
  },
  "exp": 1571135462,
  "secret": "v5XVTJKcsNAew82bVBZK"
}
Parameter Type Description
data hash, required Wrapper for the data.
data.credentials hash, required Wrapper for confirmation code pair.
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange
secret string, required Another session identifier that can be used for session lookup and confirmation.
Can raise: SessionNotFound, SessionClosed, SessionExpired, ActionNotAllowed

Response

Example of response

{
  "data": {
    "id": 679,
    "secret": "rX4UKqWreLti8vWM8bir",
    "status": "fetched_kyc",
    "extra": {
      "scopes": [
        "accounts",
        "transactions",
        "kyc",
        "payments",
        "funds_availability",
        "trusted_beneficiaries"
      ]
    },
    "token": {
      "access_token": "MTehXZ4MHVuAjyzGn-ZR",
      "refresh_token": "gg2-xq_tf6k7dXqB5z9T",
      "expires_at": "2019-10-15T10:29:02.838Z"
    },
    "fail_at": "2019-10-15T10:29:02.838Z",
    "success_at": "2019-10-15T10:29:02.838Z",
    "created_at": "2019-10-15T10:29:02.838Z",
    "updated_at": "2019-10-15T10:29:02.838Z",
    "events": [
      {
      }
    ],
    "authorization_details": {
    },
    "customer_id": 428,
    "provider_code": "demobank"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.authorization_details hash, optional Data which was used for authorization.
data.created_at datetime, required Datetime of session creation.
data.customer_id integer, optional Salt Edge PSD2 Compliance customer id.
data.events array, required Session progress events.
data.extra hash, required Extra details that should be persisted into session.
data.extra.scopes array, optional Set of permissions for access token.
Allowed values: accounts, transactions, kyc, payments, funds_availability, trusted_beneficiaries
data.fail_at datetime, optional Datetime of session failure.
data.id integer, required Session id.
data.provider_code string, required Human readable Provider identifier.
data.secret string, required Another session identifier that can be used for session lookup and confirmation.
data.status string, required Conveys current status of the operation.
Allowed values: processing, redirect, waiting_confirmation, waiting_confirmation_code, executing, closed, fetched_kyc, fetched_accounts, fetched_transactions, fetched_trusted_beneficiaries
data.success_at datetime, optional Datetime of session successful closure.
data.token hash, optional Access token that will be used to access ASPSP data.
data.token.access_token string, required A unique string which grants access to TPP to perform actions for Customer.
data.token.expires_at datetime, required Datetime of token expiration.
data.token.refresh_token string, required Token which can be used to refresh an expired access token.
data.updated_at datetime, required Datetime of last session updation.
Class Code Description
ValueOutOfRange 400 One of specified values are out of range.
SessionNotFound 404 Session specified in request does not exist or cannot be retrieved.
SessionClosed 400 Session specified in request has been already closed and cannot be modified.
SessionExpired 401 Found session has been expired and cannot be processed anymore.
ActionNotAllowed 406 You’re not allowed to perform this action. This might be a configuration problem or parameters incompatibility.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.

Sessions Destroy

Cancel session.

Request

DELETEhttps://priora.saltedge.com/api/v2/sessions/:secret

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTcxMTM1NDYyfQ.G2LzGd0-dXrvdHdJce2WvowFmtZ81zD98SYDqYRX4boJT35k8-zW2u1rIXCccN1uS61OYBsvYot4CbrE1tKBVIBiLQztYEDfDrD1mzK_B8fM4ERsy0ZELafUrHi2TMrnjntMO5SdAARNPo435sxbaIGpSTZnZ28TrvNgype9XR4czfH_pc3Vz4myxrt9_Cjy3Pp19lu8Cxb9bmSRr2G_BVDFCHbLKqzuio3NP0amWpml1bXW6uebOe6kR-OnRJQuvoK4AO0oQC9695d7QVwx6PBZCKRekqAw1HCME1NgWX88WwqmU3KEoYsMyDyeF_jAXmK4ebxG16f1e5aPttrU_Q"
 -H "App-Id: Jw8EPmyGmj75Yiv9F4IcnA"
 -H "App-Secret: IVAQYv8yNuekso53Kg93hQ"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X DELETE "https://priora.saltedge.com/api/v2/sessions/:secret"

Headers

Header Type Description
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1571135462,
  "secret": "VtAcAYpzy1ySvZoNAu6V"
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange
secret string, required Session secret.
Can raise: SessionNotFound, SessionClosed, SessionExpired, ActionNotAllowed

Response

Example of response

{
  "data": {
    "session_secret": "45zbqLKUqQ1MaUu9fzd9"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.session_secret string, required Session identifier in Salt Edge PSD2 Compliance.
Class Code Description
ValueOutOfRange 400 One of specified values are out of range.
SessionNotFound 404 Session specified in request does not exist or cannot be retrieved.
SessionClosed 400 Session specified in request has been already closed and cannot be modified.
SessionExpired 401 Found session has been expired and cannot be processed anymore.
ActionNotAllowed 406 You’re not allowed to perform this action. This might be a configuration problem or parameters incompatibility.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.

Session Extra

Attribute Type Description
scopes array of strings, optional Token scopes.
device_info object, optional Contains mobile platform and push_token.
public_key string, optional RSA public key.
return_to string, optional URL for redirection after authentication process is carried out.
funds_available boolean, optional Whether funds are available or not

Session Actions

Each and every session has an action associated to it that represents session’s purpose.

Action Purpose
check_funds Process of checking for coverage of a payment by Customer’s account.
create_token Creation of a token with the purpose of granting access to bank data for client applications.
refresh_token Refreshing of an expired access token.
revoke_token Revocation of an access token.
refresh_accounts Instruction for Priora to refresh data obtained from the bank.
create_payment Initiation of a payment.

Session Statuses

The current stage of a session lifecycle is represented in status field. The status of a session can be one of the following:

Name Description
processing Priora is processing the request or response.
redirect Provider requires a redirect for authentication.
waiting_confirmation Provider is waiting for the consent of Customer.
waiting_confirmation_code Provider is waiting for a confirmation code, be it OTP for authentication or Dynamic linking for performing a payment.
closed Session is closed.
fetched_kyc Priora has received the information about Customer.
fetched_accounts Priora has received the accounts of Customer.
fetched_transactions Priora has received the transactions or Customer.

Tokens

Initiate a linking process for a provider. The client application has to handle all the authentication UI in this flow (see Provider authorization_types). During the lifecycle, events will be added to the session which will send callbacks to your application.

Tokens Remote

Initiate the process of authentication on behalf of Customer. Prior to this, TPP is required to ask Customer for consent. During this process, TPP will receive callbacks with instructions and current status of session.

Request

POSThttps://priora.saltedge.com/api/v2/tokens/remote

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InByb3ZpZGVyX2NvZGUiOiJkZW1vYmFuayIsInNjb3BlcyI6WyJhY2NvdW50cyIsInRyYW5zYWN0aW9ucyIsImt5YyIsInBheW1lbnRzIiwiZnVuZHNfYXZhaWxhYmlsaXR5IiwidHJ1c3RlZF9iZW5lZmljaWFyaWVzIl0sImNvbnNlbnRfcGVyaW9kX2RheXMiOjkwLCJmb3JjZV9zY2EiOmZhbHNlLCJjcmVkZW50aWFscyI6eyJhdXRob3JpemF0aW9uX3R5cGUiOiJvYXV0aCJ9fSwiZXhwIjoxNTcxMTM1NDYyfQ.AHub5oTafprQ3xIfdu5lanBm4Z5Rqq8M9a0KWiNzB9HmnoKL1TTtKrumeClWUwTDTS2M7YfZopsTUDuHaiRrSVLRYae_PYTuvbeVVbhcWgxurrWXBygZBVG0TSgisjXX7qfviNvxTK4bnnzamNy26D4DAS3FIf3b1Fo0dvKVQVxvKa9Af8OdNG4ZaB10nZ7a_Yju6oqd4fI30bnaDvt5hXTArIpQESNGM1xxdpKCxpNXppeZiroFGH36KGdA1mpeAIBLF6YkDAKABppuIvaqEUSn06p-yK9KyNO0LOCGcg3nj-1ttm6Fx2m2nDo4iOsZViAnz0QThNg0rpjgGa6QMQ"
 -H "App-Id: A3XMJM-J-ltTHYg7F7eGTA"
 -H "App-Secret: qsuOapzAF7XFhV6MR46-Ug"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X POST "https://priora.saltedge.com/api/v2/tokens/remote"

Headers

Header Type Description
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

Response

Example of response

{
  "data": {
    "session_secret": "s3Y6CsXaZbyz6KsquqAd"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.session_secret string, required Session identifier in Salt Edge PSD2 Compliance.
Can raise: SessionNotFound
Class Code Description
ProviderNotFound 404 Provider specified in request does not exist or cannot be retrieved.
AccessDenied 401 Action you want to perform is not allowed. More in error_message
ScopesInvalid 400 Specified scopes don’t match with the ones specified in Provider or OAuthApp. More info in error_message
AuthorizationTypeNotFound 401 Authorization Type specified in request does not exist or cannot be retrieved.
WrongRequiredFields 401 Specified required fields were not provided. More info in error_message
ValueOutOfRange 400 One of specified values are out of range.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.

Tokens Reconnect

This endpoint allows TPP to refresh current Access-Token. The behavior can be the following: ASPSP can just return a new token, ask for MFA or ask for reconnection. In any of the cases above TPP will receive a session callback and the following behavior will be stored in the session object.

Request

POSThttps://priora.saltedge.com/api/v2/tokens/reconnect

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNvbnNlbnRfYXBwcm92ZWQiOnRydWV9LCJleHAiOjE1NzExMzU0NjJ9.BMQ1ypjt4ErqkhMbmEBvTUuV_MIH4ucAfvPw2RFnoH134XmLXZQC3_GsgKezP1pKFesCx_Hlg7SINsxPOAWwPnEp6kAA1h8nBxJpnrG7yKwVZRSGljMMmboFqJQ6LvEMCX0eanBlEj2i8KuZPt9RA6WXghN0u93iWMafRr-dj_eUA_W29uem6Y5_Udw5pST3moDb5kH8ZKm3gaqKhp2XMsPxRhowCRpt9chYvP-JiWjMVgJNoDeVHljSwN-hC-R17pGqqzIgUW1CEIT8PopjHho0mN97PSvyPMp_Uu9hgWqHuMZGUUfjfQ0Zs8saTaUiDWOusuyskhXpwSCzjGdlmA"
 -H "App-Id: aPLbNvEU9cveXm3O_ipMhw"
 -H "App-Secret: BJ7Uqlfy2MHxXEtcvwwr0w"
 -H "Access-Token: 45982ddf5124a20e87bcb427685bface13c1ca3abc828ab7682a00546d4b145c8b03c967099bd8906afec1d94b4b11ca4418ea5ddb64fce49890c859b0c469d9"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X POST "https://priora.saltedge.com/api/v2/tokens/reconnect"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "consent_approved": true
  }
}
Parameter Type Description
data hash, required Wrapper for the data.
data.consent_approved boolean, required A flag which determines whether a PSU approved reconnection process or not.
Allowed values: true

Response

Example of response

{
  "data": {
    "session_secret": "UzFRSpkdmWk5Q_dAgvhE"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.session_secret string, required Session identifier in Salt Edge PSD2 Compliance.
Class Code Description
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Tokens Refresh

Refresh an access token that has expired.

Request

POSThttps://priora.saltedge.com/api/v2/tokens/refresh

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTcxMTM1NDYyfQ.G2LzGd0-dXrvdHdJce2WvowFmtZ81zD98SYDqYRX4boJT35k8-zW2u1rIXCccN1uS61OYBsvYot4CbrE1tKBVIBiLQztYEDfDrD1mzK_B8fM4ERsy0ZELafUrHi2TMrnjntMO5SdAARNPo435sxbaIGpSTZnZ28TrvNgype9XR4czfH_pc3Vz4myxrt9_Cjy3Pp19lu8Cxb9bmSRr2G_BVDFCHbLKqzuio3NP0amWpml1bXW6uebOe6kR-OnRJQuvoK4AO0oQC9695d7QVwx6PBZCKRekqAw1HCME1NgWX88WwqmU3KEoYsMyDyeF_jAXmK4ebxG16f1e5aPttrU_Q"
 -H "App-Id: exmWzvn0x4lDRuyP9Emfig"
 -H "App-Secret: cYXqzA4ToOKI8f_p_pUyfQ"
 -H "Client-Request-Id: example_Client-Request-Id"
 -H "Refresh-Token: example_Refresh-Token"
 -X POST "https://priora.saltedge.com/api/v2/tokens/refresh"

Headers

Header Type Description
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Refresh-Token string, required Token issued to refresh expired Access Token.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1571135462
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "refreshed": false,
    "access_token": "k8MmUS95DZib_oyUHy-t",
    "expires_at": "2019-10-15T10:29:02.585Z"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.access_token string, required A unique string which grants access to TPP to perform actions for Customer.
data.expires_at datetime, required When does new access token expire.
data.refreshed boolean, required Whether token was refreshed or not.
Allowed values: true, false
Class Code Description
ValueOutOfRange 400 One of specified values are out of range.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Tokens Revoke

Revoke the

Request

DELETEhttps://priora.saltedge.com/api/v2/tokens

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTcxMTM1NDYyfQ.G2LzGd0-dXrvdHdJce2WvowFmtZ81zD98SYDqYRX4boJT35k8-zW2u1rIXCccN1uS61OYBsvYot4CbrE1tKBVIBiLQztYEDfDrD1mzK_B8fM4ERsy0ZELafUrHi2TMrnjntMO5SdAARNPo435sxbaIGpSTZnZ28TrvNgype9XR4czfH_pc3Vz4myxrt9_Cjy3Pp19lu8Cxb9bmSRr2G_BVDFCHbLKqzuio3NP0amWpml1bXW6uebOe6kR-OnRJQuvoK4AO0oQC9695d7QVwx6PBZCKRekqAw1HCME1NgWX88WwqmU3KEoYsMyDyeF_jAXmK4ebxG16f1e5aPttrU_Q"
 -H "App-Id: B_KOFS7ROqEobTwpuaj83Q"
 -H "App-Secret: EBuQ24o1IlsNiLurIAuQhg"
 -H "Access-Token: 0dfb6d79e40fa8a5167baf547722dbc0c47dd2a6a4d41823ce909fe83d5811faf7b23ce4d956a876365bff792aef363ff527efe6f7041a7fe5ecc6d364746d9d"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X DELETE "https://priora.saltedge.com/api/v2/tokens"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1571135462
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "revoked": false,
    "access_token": "5BWYuR6jLScQ-svx4gHG"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.access_token string, required Token which was revoked or not.
data.revoked boolean, required Whether token was revoked or not.
Allowed values: true, false
Class Code Description
ValueOutOfRange 400 One of specified values are out of range.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Tokens Show

Return current state of a token.

Request

GEThttps://priora.saltedge.com/api/v2/tokens

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTcxMTM1NDYyfQ.G2LzGd0-dXrvdHdJce2WvowFmtZ81zD98SYDqYRX4boJT35k8-zW2u1rIXCccN1uS61OYBsvYot4CbrE1tKBVIBiLQztYEDfDrD1mzK_B8fM4ERsy0ZELafUrHi2TMrnjntMO5SdAARNPo435sxbaIGpSTZnZ28TrvNgype9XR4czfH_pc3Vz4myxrt9_Cjy3Pp19lu8Cxb9bmSRr2G_BVDFCHbLKqzuio3NP0amWpml1bXW6uebOe6kR-OnRJQuvoK4AO0oQC9695d7QVwx6PBZCKRekqAw1HCME1NgWX88WwqmU3KEoYsMyDyeF_jAXmK4ebxG16f1e5aPttrU_Q"
 -H "App-Id: uR8Bf5I06wxfG2cu4TY6VQ"
 -H "App-Secret: _rCPYdi7pa9LLv-f0HMJnw"
 -H "Access-Token: d866c327d62fc8704e2c1262421fe9c85189950ed72c63395b8ccd46bc290a3ddda6ddadeefee99f0eb33b8e7e2a3f25bf7aab0df253d8de281f0909dac67273"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/tokens"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1571135462
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "scopes": [
      "accounts",
      "transactions",
      "kyc",
      "payments",
      "funds_availability",
      "trusted_beneficiaries"
    ],
    "refresh_token": "VjL1xgdKNcjXUQdsi4Tq",
    "access_token_expires_at": "2019-10-15T10:29:02.489Z"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.access_token_expires_at datetime, required When does access token expire.0
data.refresh_token string, required Token which can be used to refresh an expired access token.
data.scopes array, required Set of permissions for access token.
Allowed values: accounts, transactions, kyc, payments, funds_availability, trusted_beneficiaries
Class Code Description
ValueOutOfRange 400 One of specified values are out of range.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Trusted Beneficiaries

Trustedbeneficiaries Create

Create a trusted beneficiary on behalf of Customer.

Request

POSThttps://priora.saltedge.com/api/v2/trusted_beneficiaries

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImlkZW50aWZpZXJzIjp7ImliYW4iOiIqKioqKjA5MTkiLCJzd2lmdF9jb2RlIjpudWxsfSwiYWxpYXNfbmFtZSI6IkV4YW1wbGUgTmFtZSIsInJlZGlyZWN0X3VybCI6Imh0dHBzOi8vdXNlci53aWxsLmJlL3JlZGlyZWN0ZWQvaGVyZSIsInRlbXBsYXRlX2lkIjoxNjIsImV4dHJhIjp7fX0sImV4cCI6MTU3MTEzNTQ2Mn0.lSWaNl0e8C3P2nQ8W5cjf6Xut2w3BfJfJ4Eb0OilU4WYnbbp_0mgOKf22XyBrPwtaJuu5IpHrVSAog3urCMtu5XyhHfNwcy3qRcDYeTLwTapYVAMzRmWF1BUjpsyLMcDxMcZK1Omd_1edD3ZGyqKFkTCQxn7cGwo-Re2KkxHTezLpJns0VQxAWAhb2r-IsOpdB_-6NG0zcpbxN_-Bw-PE4Yu0qQNL8hWh1K1CEqWoVTqhaqUv2ogVd2a2nuIHG9f1aSIkSvSPdfFt_6CBWhMuShPAh_5tpgBFL9aP2_al_dt4NtPRYslKkty09puF5bbkEHhWc58rm9kRGyljHFs7g"
 -H "App-Id: wPKtIkQ0Xpje0tWgwjIsDA"
 -H "App-Secret: IcpPGviGIqHvuAMjwaukRw"
 -H "Access-Token: 8b6f72cb7922e23feb4d3541515889b4968b8a16716187d38d1ad4c58b25fff892cf9b13633f5341b3dd438edccc773dceab6076970b31b5f1084e5c1f1a98da"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X POST "https://priora.saltedge.com/api/v2/trusted_beneficiaries"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "identifiers": {
      "iban": "*****0919",
      "swift_code": null
    },
    "alias_name": "Example Name",
    "redirect_url": "https://user.will.be/redirected/here",
    "template_id": 777,
    "extra": {
    }
  },
  "exp": 1571135462
}
Parameter Type Description
data hash, required Wrapper for the data.
data.alias_name string, required Any human-readable description that is used to identify the trusted beneficiary on TPP side.
data.extra hash, optional Extra details that should be persisted into session.
Default value: {}
data.identifiers hash, required Payment attributes.
data.redirect_url string, optional The URL that the customer will be redirected to proceed with trusted beneficiary. Used for oauth flow.
data.template_id integer, required Payment template identifier on Salt Edge PSD2 Compliance side.
Can raise: TemplateNotFound
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "beneficiary_id": 794,
    "session_secret": "a59RoWyVBC9BbFnNyxHG",
    "status": "processing"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.beneficiary_id integer, required Trusted Beneficiary identifier on Salt Edge PSD2 Compliance side.
data.session_secret string, required Session identifier in Salt Edge PSD2 Compliance.
data.status string, required Conveys current status of the operation.
Allowed values: processing
Class Code Description
TemplateNotFound 404 Template specified in request does not exist or cannot be retrieved.
ValueOutOfRange 400 One of specified values are out of range.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Trustedbeneficiaries Index

Endpoint used to fetch all data relevant to trusted beneficiaries.

Request

GEThttps://priora.saltedge.com/api/v2/trusted_beneficiaries

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InByb3ZpZGVyX2NvZGUiOiJkZW1vYmFuayJ9LCJleHAiOjE1NzExMzU0NjJ9.L9dPg4fe23LyzNo6j_S1Y_HV-sd2y3-ir2M98LugCWw7cAJ9t6hcCHbZ6ZSOsojEsGWWcQrnLQmSzSbclWN-uWlP-UDENtWy0pphRcp_yV8pmzul2GTK1_7CxIbYVpLsEsAQR6e7YnRYRwQYA0BHrSPc-Wz4MHc0b5O7rSntosryjZLtxwbEtBFsQC8zjZv03hxf2vcLFiYWEWgoxVZZEeQ4mL4taxKx8UvZWaestXjU0ivRBeicgVhr5nv0rglDAvJ5OUSDJduFLDsYCjkfdNz8d8DF5DCpOSkUdEh4DYyOfQvVdghpMm_xf7qErrhlWeQ0bZOv7dicm1N-H0Ccfw"
 -H "App-Id: -Ou6F1I6tv0QGr5vmG2COg"
 -H "App-Secret: KYG38TSJNPNOrtdGNnVp0g"
 -H "Access-Token: c85f5400c64b83e5b7b9336e9bf137316c57355f6b33505e760fc2f50379a6653abe0f6c41f4d7ef6bc647ab7f400ea65c2ebe2ec335d8760bc55ecf047c21b0"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/trusted_beneficiaries"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound, ConfigurationError
App-Secret string, required Application’s app_secret from connection details tab.
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "provider_code": "demobank"
  },
  "exp": 1571135462
}
Parameter Type Description
data hash, required Wrapper for the data.
data.provider_code string, required Human readable Provider identifier.
Can raise: ProviderNotFound, AccessDenied
exp integer, required The lifetime of the request in timestamp UTC format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": [
    {
      "id": 281,
      "alias_name": "Example Name",
      "status": "approved",
      "template_id": "819",
      "identifiers": {
        "iban": "*****0919",
        "swift_code": null
      },
      "provider_code": "demobank"
    }
  ]
}
Response Type Description
data array, required Wrapper for the data.
data.alias_name string, required Any human-readable description that is used to identify the trusted beneficiary on TPP side.
data.id integer, required Trusted Beneficiary identifier on Salt Edge PSD2 Compliance side.
data.identifiers hash, required Object which maps the field of related payment template with its masked value. The value can be also empty.
data.provider_code string, required Human readable Provider identifier.
data.status string, required Conveys current status of the operation.
Allowed values: approved
data.template_id string, required Payment template identifier on Salt Edge PSD2 Compliance side.
Class Code Description
ProviderNotFound 404 Provider specified in request does not exist or cannot be retrieved.
AccessDenied 401 Action you want to perform is not allowed. More in error_message
ValueOutOfRange 400 One of specified values are out of range.
AuthorizationMissing 400 Authorization header is missing.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
ConfigurationError 400 Missing configurations in dashboard.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Sandboxes

Spain

MySodexo Sandbox

Usage

To connect to MySodexo Sandbox, please use provider code mysodexo_es_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Email address (Email) mysodexo_es_xf@gmail.com
Password (Сontraseña) passw0rd

France

LCL Prépayé Enterprise Sandbox

Usage

To connect to LCL Prépayé Enterprise Sandbox, please use provider code lcl_prepaye_enterprise_fr_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Identifier (Identifiant) 1223334444
Personal code (Code personnel) 123456

United Kingdom

AEG Sandbox

Usage

To connect to AEG Sandbox, please use provider code aeg_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code aeg_gb_xf_user
Password/code passw0rd

Allianz Sandbox

Usage

To connect to Allianz Sandbox, please use provider code allianz_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code allianz_gb_xf_user
Password/code passw0rd

Allsave Sandbox

Usage

To connect to Allsave Sandbox, please use provider code allsave_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code allsave_gb_xf_user
Password/code passw0rd

Bank of East Asia UK Sandbox

Usage

To connect to Bank of East Asia UK Sandbox, please use provider code bank_of_east_asia_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Cyberbanking No. 12345678901
PIN 12345678912345
OTP 123456

BENEFEX Sandbox

Usage

To connect to BENEFEX Sandbox, please use provider code benefex_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code benefex_gb_xf_user
Password/code passw0rd

BMW UK Ltd Sandbox

Usage

To connect to BMW UK Ltd Sandbox, please use provider code bmwuk_ltd_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code bmwuk_ltd_gb_xf_user
Password/code passw0rd

Bournemouth University Sandbox

Usage

To connect to Bournemouth University Sandbox, please use provider code bournemouth_university_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code bournemouth_university_gb_xf_user
Password/code passw0rd

Brinc (Health Service Discounts) Sandbox

Usage

To connect to Brinc (Health Service Discounts) Sandbox, please use provider code brinc_health_service_discounts_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code brinc_health_service_discounts_gb_xf_user
Password/code passw0rd

Byblos Bank Europe Sandbox

Usage

To connect to Byblos Bank Europe Sandbox, please use provider code byblos_bank_europe_be_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Username byblosuser
Password passw0rd
Token 123456
OTP 1111

Direct Line Group Sandbox

Usage

To connect to Direct Line Group Sandbox, please use provider code direct_line_group_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code direct_line_group_gb_xf_user
Password/code passw0rd

Drax Power Ltd Sandbox

Usage

To connect to Drax Power Ltd Sandbox, please use provider code drax_power_ltd_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code drax_power_ltd_gb_xf_user
Password/code passw0rd

E-Spree Sandbox

Usage

To connect to E-Spree Sandbox, please use provider code e_spree_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code e_spree_gb_xf_user
Password/code passw0rd

Exeter University Sandbox

Usage

To connect to Exeter University Sandbox, please use provider code exeter_university_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code exeter_university_gb_xf_user
Password/code passw0rd

1st Option Consulting Ltd Sandbox

Usage

To connect to 1st Option Consulting Ltd Sandbox, please use provider code first_option_consulting_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code first_option_consulting_gb_xf_user
Password/code passw0rd

Fuel Gift Card Sandbox

Usage

To connect to Fuel Gift Card Sandbox, please use provider code fuel_gift_card_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code fuel_gift_card_gb_xf_user
Password/code passw0rd

Fujifilm Sandbox

Usage

To connect to Fujifilm Sandbox, please use provider code fujifilm_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code fujifilm_gb_xf_user
Password/code passw0rd

Generic Spree Sandbox

Usage

To connect to Generic Spree Sandbox, please use provider code generic_spree_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code generic_spree_gb_xf_user
Password/code passw0rd

Geopost Sandbox

Usage

To connect to Geopost Sandbox, please use provider code geopost_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code geopost_gb_xf_user
Password/code passw0rd

Getronics Sandbox

Usage

To connect to Getronics Sandbox, please use provider code getronics_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code getronics_gb_xf_user
Password/code passw0rd

Giant Group Sandbox

Usage

To connect to Giant Group Sandbox, please use provider code giant_group_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code giant_group_gb_xf_user
Password/code passw0rd

Glory Dale Sandbox

Usage

To connect to Glory Dale Sandbox, please use provider code glory_dale_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code glory_dale_gb_xf_user
Password/code passw0rd

GMAC Sandbox

Usage

To connect to GMAC Sandbox, please use provider code gmac_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code gmac_gb_xf_user
Password/code passw0rd

Group Schemes Sandbox

Usage

To connect to Group Schemes Sandbox, please use provider code group_schemes_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code group_schemes_gb_xf_user
Password/code passw0rd

Guaranty Trust Bank UK Sandbox

Usage

To connect to Guaranty Trust Bank UK Sandbox, please use provider code gt_bank_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User ID gt_bank_gb_xf
Secret question answer hunter2
Login code 123456
Payee Code secret

Hays Recruitment Sandbox

Usage

To connect to Hays Recruitment Sandbox, please use provider code hays_recruitment_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code hays_recruitment_gb_xf_user
Password/code passw0rd

Healthineers Sandbox

Usage

To connect to Healthineers Sandbox, please use provider code healthineers_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code healthineers_gb_xf_user
Password/code passw0rd

HP Sandbox

Usage

To connect to HP Sandbox, please use provider code hp_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code hp_gb_xf_user
Password/code passw0rd

In2 Resourcing Sandbox

Usage

To connect to In2 Resourcing Sandbox, please use provider code in2_resourcing_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code in2_resourcing_gb_xf_user
Password/code passw0rd

IQSA Services LTD Sandbox

Usage

To connect to IQSA Services LTD Sandbox, please use provider code iqsa_services_ltd_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code iqsa_services_ltd_gb_xf_user
Password/code passw0rd

Iron Mountain Sandbox

Usage

To connect to Iron Mountain Sandbox, please use provider code iron_mountain_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code iron_mountain_gb_xf_user
Password/code passw0rd

JCB Sandbox

Usage

To connect to JCB Sandbox, please use provider code jcb_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code jcb_gb_xf_user
Password/code passw0rd

Kering (Gucci Group Services) Sandbox

Usage

To connect to Kering (Gucci Group Services) Sandbox, please use provider code kering_gucci_group_services_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code kering_gucci_group_services_gb_xf_user
Password/code passw0rd

LBI (Digitas) Sandbox

Usage

To connect to LBI (Digitas) Sandbox, please use provider code lbi_digitas_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code lbi_digitas_gb_xf_user
Password/code passw0rd

Lifestyle Sandbox

Usage

To connect to Lifestyle Sandbox, please use provider code lifestyle_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code lifestyle_gb_xf_user
Password/code passw0rd

Lincoln Uni Sandbox

Usage

To connect to Lincoln Uni Sandbox, please use provider code lincoln_uni_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code lincoln_uni_gb_xf_user
Password/code passw0rd

Monclear Sandbox

Usage

To connect to Monclear Sandbox, please use provider code monclear_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code monclear_gb_xf_user
Password/code passw0rd

Motivcom Sandbox

Usage

To connect to Motivcom Sandbox, please use provider code motivcom_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code motivcom_gb_xf_user
Password/code passw0rd

My Spree Sandbox

Usage

To connect to My Spree Sandbox, please use provider code my_spree_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code my_spree_gb_xf_user
Password/code passw0rd

Nasa Consulting Sandbox

Usage

To connect to Nasa Consulting Sandbox, please use provider code nasa_consulting_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code nasa_consulting_gb_xf_user
Password/code passw0rd

Online Tax Rebates Sandbox

Usage

To connect to Online Tax Rebates Sandbox, please use provider code online_tax_rebates_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code online_tax_rebates_gb_xf_user
Password/code passw0rd

Parasol Group Sandbox

Usage

To connect to Parasol Group Sandbox, please use provider code parasol_group_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code parasol_group_gb_xf_user
Password/code passw0rd

Paystream Sandbox

Usage

To connect to Paystream Sandbox, please use provider code paystream_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code paystream_gb_xf_user
Password/code passw0rd

Premier Foods Sandbox

Usage

To connect to Premier Foods Sandbox, please use provider code premier_foods_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code premier_foods_gb_xf_user
Password/code passw0rd

PSCashback Sandbox

Usage

To connect to PSCashback Sandbox, please use provider code ps_cashback_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code ps_cashback_gb_xf_user
Password/code passw0rd

PSDiscounts Sandbox

Usage

To connect to PSDiscounts Sandbox, please use provider code ps_discounts_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code ps_discounts_gb_xf_user
Password/code passw0rd

PSL Sandbox

Usage

To connect to PSL Sandbox, please use provider code psl_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code psl_gb_xf_user
Password/code passw0rd

Red Contractors Sandbox

Usage

To connect to Red Contractors Sandbox, please use provider code red_contractors_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code red_contractors_gb_xf_user
Password/code passw0rd

Royal Sun Alliance Sandbox

Usage

To connect to Royal Sun Alliance Sandbox, please use provider code royal_sun_alliance_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code royal_sun_alliance_gb_xf_user
Password/code passw0rd

SAP Sandbox

Usage

To connect to SAP Sandbox, please use provider code sap_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code sap_gb_xf_user
Password/code passw0rd

Say Reward Sandbox

Usage

To connect to Say Reward Sandbox, please use provider code say_reward_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code say_reward_gb_xf_user
Password/code passw0rd

Seat UK Sandbox

Usage

To connect to Seat UK Sandbox, please use provider code seat_uk_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code seat_uk_gb_xf_user
Password/code passw0rd

Sharp Sandbox

Usage

To connect to Sharp Sandbox, please use provider code sharp_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code sharp_gb_xf_user
Password/code passw0rd

Siemens PLC Sandbox

Usage

To connect to Siemens PLC Sandbox, please use provider code siemens_plc_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code siemens_plc_gb_xf_user
Password/code passw0rd

Simply Spree Sandbox

Usage

To connect to Simply Spree Sandbox, please use provider code simply_spree_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code simply_spree_gb_xf_user
Password/code passw0rd

Skybox Sandbox

Usage

To connect to Skybox Sandbox, please use provider code skybox_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code skybox_gb_xf_user
Password/code passw0rd

Sodexo Onsite Services Sandbox

Usage

To connect to Sodexo Onsite Services Sandbox, please use provider code sodexo_onsite_services_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code sodexo_onsite_services_gb_xf_user
Password/code passw0rd

Stewart Milne Sandbox

Usage

To connect to Stewart Milne Sandbox, please use provider code stewart_milne_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code stewart_milne_gb_xf_user
Password/code passw0rd

Team Rewards Sandbox

Usage

To connect to Team Rewards Sandbox, please use provider code team_rewards_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code team_rewards_gb_xf_user
Password/code passw0rd

Tilney Sandbox

Usage

To connect to Tilney Sandbox, please use provider code tilney_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code tilney_gb_xf_user
Password/code passw0rd

TUI (NEW DAY) Sandbox

Usage

To connect to TUI (NEW DAY) Sandbox, please use provider code tuinewday_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code tuinewday_gb_xf_user
Password/code passw0rd

UIB Sandbox

Usage

To connect to UIB Sandbox, please use provider code uib_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code uib_gb_xf_user
Password/code passw0rd

Utility Warehouse UK Sandbox

Usage

To connect to Utility Warehouse UK Sandbox, please use provider code utility_warehouse_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Member No./ username 7989366
Password passw0rdpassw0rdpass

Volvo Sandbox

Usage

To connect to Volvo Sandbox, please use provider code volvo_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code volvo_gb_xf_user
Password/code passw0rd

XPO HOLDINGS Sandbox

Usage

To connect to XPO HOLDINGS Sandbox, please use provider code xpoholdings_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code xpoholdings_gb_xf_user
Password/code passw0rd

Habib Bank AG Zurich Sandbox

Usage

To connect to Habib Bank AG Zurich Sandbox, please use provider code habib_zurich_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Logninname habibuser
Password Passw0rd
Token 123456
OTP 123456

Sweden

Lunchkultur Sandbox

Usage

To connect to Lunchkultur Sandbox, please use provider code lunchkultur_se_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
National ID Number, “YYMMDDNNNN” 1223334444

Belgium

Byblos BE Sandbox

Usage

To connect to Byblos UK Sandbox, please use provider code byblos_bank_europe_be_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Username byblosuser
Password passw0rd
Token 123456
OTP 1111

Lithuania

Trustcom Financial UAB Sandbox

Usage

To connect to Trustcom Financial UAB Sandbox, please use provider code trustcom_financial_lt_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Account ID 1234567
Password passw0rd
SMS PIN 123456

Cyprus

Jordan Ahli Sandbox

Usage

To connect to Jordan Ahli Sandbox, please use provider code jordan_ahli_cy_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Username 1234567
Captcha Captcha1
Password Passw0rd