NAV Navbar
Short white logo

Getting Started

Definitions

Term Definition
AISP Account Information Service Provider. A Client application that allows a Customer to list account and holder information.
Client A 3rd party financial application.
Connector Proxy interface before Provider’s API.
Customer A bank account holder.
PISP Payment Initiation Service Provider. A Client application that allows a Customer to initiate payments on their behalf.
PIISP Payment Issuer Instrument Service Provider. A Client application that checks coverage of a payment by Customer’s account.
Provider Any registered bank or financial institution.
Session Any activity that is forwarded by Priora to Connector on behalf of a Customer.
Scopes A set of permissions granted to a Client application.
TPP Unregulated Third Party Provider.

Registration

The process of TPP registration is made via an API request. In order to access ASPSP Sandbox you need to use eIDAS QSEAL test certificate. Access to production environment is allowed only with production QSEAL certificates.

Client configuration & API keys

Any client may have any number of Client Applications, them being essentially API keys(ID and secret). These applications serve to identify a specific Client configuration. For example, say we have a company X that identifies itself as a PFM. Suppose it targets mobile devices(iOS, Android) and web browsers, thus they would have to configure three client applications, one for Apple devices, another for Android devices, and one for web browsers. Or maybe Company X needs to test their new features within staging environment first, then it would be convenient to configure another client application for these purposes.

But before managing API keys it is wise to configure the Client itself. In order to do this, navigate to Client Settings. In details tab you may modify your Client’s name and email, as well as select permissions with which you wish to operate by specifying scopes(please note that you may specify scopes for every API key pair separately, however they cannot exceed the limits you specify in Client’s scopes). You must also specify the role of your client, it may be chosen from predefined roles.

Client details

In order to be able to go Live, your client has to supply its eIDAS public key. This can be done by accessing Security tab and pasting in the public key.

Security

Now back to managing API keys. The very first test application will be created for you during the Client registration process. To configure it navigate to applications page.

Applications

Proceed by selecting Test application.

Client Application details

On the page presented above you may change application’s name, regenerate application secret, pick the scopes that your application will support, and set up callback(also doubles as redirect URL) URL for updates from Priora as well as select the role of your application. In order for your Client to go live, you must have configured at least one client application.

Using the API

Postman collection

You can try out the API using postman collection, but it’s important to read this documentation before, in order to have a graveful start.

Request signature

Priora public key

  

Almost all requests(with a few exceptions) must be signed. Priora implements request signature verification via Authorization headers. These must contain grant type Bearer followed by a JSON Web Token. A payload should be generated on a per request basis and should include exp and data claims, the former being expiration time and the latter being a JSON object including all relevant parameters for a request, if there are no such parameters it should be left empty. This payload should then be encoded into a JWT via RS256 algorithm using Client application’s private key.

Scopes

Scopes are permissions granted to access tokens.

Scope Description
accounts Required for accessing Customer account list and account data.
funds_availability Required for checking whether Customer’s account has enough funds to carry out a specific payment. Required by PIISP Clients.
transactions Required for accessing Customer transactions under specific accounts, therefore best be used along accounts scope.
kyc Required for accessing account holder information.
payments Required for accessing Customer payment accounts as well as for payment initiation.

Roles

Roles are used to identify which API is suitable for specific client applications.

Role Description
Regulated This role grants access to V2 API which is reserved for regulated entities, such as AISP or PISP.
Third party This role grants access to TPP API (via OAuth) which is reserved for non regulated Third Party Providers.

Events

Events are phases of session and payment life cycles.

Event Description
processing Request to push session/payment into the next phase has been received by Priora and is undergoing processing.
redirect The customer is being redirected to a provider page in order to perform authentication.
waiting_confirmation Session/payment is waiting for an interactive step outside of Client application or Priora(outside the current page).
waiting_confirmation_code Session/payment is waiting for an interactive step within client application or Priora(on the current page).
fetched_accounts Account information has been fetched from the bank and can be requested.
fetched_transactions Transaction information has been fetched from the bank and can be requested.
fetched_kyc Holder information has been fetched from the bank and can be requested.
closed Session/payment has been closed. To know whether it was a success or a failure, peer into success_at/fail_at fields from the response.

Become a TPP

Tpp Register

To be described…

Request

POSThttps://priora.saltedge.com/api/v2/tpp/register

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNvbXBhbnkiOnsibmFtZSI6IkV4YW1wbGUgTmFtZSIsImVtYWlsIjoiZXhhbXBsZUBleGFtcGxlLmNvbSIsImFkZHJlc3MiOiI0MDkgQnJvYWR3YXkgR1VJTERGT1JEIiwiY2l0eSI6ImV4YW1wbGVfZGF0YS5jb21wYW55LmNpdHkiLCJ6aXBfY29kZSI6InNvenNOIiwicGhvbmVfbnVtYmVyIjoiMjEyNzg3NTA2In0sInJlcHJlc2VudGF0aXZlIjp7Im5hbWUiOiJFeGFtcGxlIE5hbWUiLCJlbWFpbCI6ImV4YW1wbGVAZXhhbXBsZS5jb20ifSwiY2VydGlmaWNhdGUiOnsidHlwZSI6InFzZWFsIiwibmFtZSI6IkV4YW1wbGUgTmFtZSIsInBlbSI6Ii0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLVxuTUlJRUFqQ0NBdW9DQVFBd0RRWUpLb1pJaHZjTkFRRUxCUUF3V3pFWE1CVUdBMVVFWVF3T1ZIQndVMkZzZEZSbFxuYzNRd01EQXhJREFlQmdOVkJBTU1GMk5sY25SVFNVZE9VMEZNVkZSRlUxUWdWMlZpSUVOQk1SRXdEd1lEVlFRS1xuREFoVFlXeDBWR1Z6ZERFTE1Ba0dBMVVFQmhNQ1VrOHdIaGNOTVRrd09ESXdNVFExTlRBNFdoY05NakV3T0RFNVxuTVRRMU5UQTRXakNCalRFV01CUUdBMVVFQXd3TmMyRnNkQzEwWlhOMExtTnZiVEVSTUE4R0ExVUVDZ3dJVTJGc1xuZEZSbGMzUXhDekFKQmdOVkJBWVRBbEpQTVJJd0VBWURWUVFJREFsQ2RXTjFjbVZ6ZEdreEVqQVFCZ05WQkFjTVxuQ1VKMVkzVnlaWE4wYVRFV01CUUdBMVVFQ1F3TlFXeGlZU0JKZFd4cFlTQTNOVEVUTUJFR0ExVUVZUXdLYVdSbFxuYm5ScFptbGxjakNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFLZ1c0SjkrSEZjTFxuUVVwTEk0c1pCSm5RaGdRYUpYRGxwVDI4NWxlOGVEcTdUalpnYXpLcU05RkJydzRBRURxUmxYR3Znd2luSkY2MlxuMHd1SXErN3BqT1hQUHcrWTlYUUJwU2tqdXJieWhKT2Y4YjZVakxQTEJ1QXdPa0ZOdjdKa2x3S3lxZms0R0c0TlxuZ2s4ZFVhMWNLTkxjWDM3N3B2ejRDSFlqUGtoaUtjTGpBUnhMVEliR216OVlBVC9BazNsN0JGRGRXajBCcmtHalxuV2RGelJWV3FjdHA0NjVvWEZXZTZ3QmlybEplK1JEZ2hnQWRUQWlQR1J3WHV4dmRiSW5SOHZ2b0RJNTJHRXVzaFxuRllDWXdvM3VhVUlUeWd4TmRCclo1TmlaS2grcm41VTVuMzNKRE5vTldoQlVFMDFML2hWM1B5ZXhwSlR5bWlEUFxuNlNQUkozRkxHdGtDQXdFQUFhT0JvakNCbnpBTUJnTlZIUk1FQlRBREFRSC9NQTRHQTFVZER3RUIvd1FFQXdJQlxuQmpBZEJnTlZIUTRFRmdRVUtwUGZ5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dId1lEVlIwakJCZ3dGb0FVS3BQZlxueTE5UkFCUEtydmJzTVJ0VzN5R0lNZm93UHdZSUt3WUJCUVVIQVFNRU13d3hkR1Z6ZEZCVFVGOUJTUzR1TG1NeFxuWVdSa01EazNMV1ptTldJdE5EZzBNUzA1T1dRNUxUQXlPRGhqWmpGbFpqYzVPREFOQmdrcWhraUc5dzBCQVFzRlxuQUFPQ0FRRUFSbEJydXlWS3VCOWlHZXF1ckVjdjdPVVlXVmdKQTEzTVN4d0tiMDdEZmVOUmJVMVc3cURwd2lZT1xucm5iQlhLY3d5M1d0VThaWFY1QVJ0VHBOS0ZOSUsrWVpvWEtTb09hVnR1QlZvZmpXV2N6U2l3UEU5enRZSDdkUVxucHlVcW43MHgzaWpnYU5Va1FndHhkbnhwVDZuWjJsdjlvQ1FtNDdQbHB3Y3cxUlhzQVNtdXR4S284V056bzh6SlxueWRoUFAwemhEZk0rdjR2SVQyWFlzOTNtcER6cERlWGUyL2RhWXc1d3lQdUtTWkNPYUdkMTd5cDFtRGpXSU4zVFxuQ1JPam1nT2NCSXVBeTdwRnJwMU5jbkFBc3BURGNtZTNSYTcxQUVManhmVnNEcklzMndNMWdHQVFOZEgrMUYzU1xuWHNKZ09rM1JMSTVJNUpOMUQ3bUFMRzZVU1VFYkNnPT1cbi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS1cbiJ9fSwiZXhwIjoxNTY2MzEzMDI4fQ.bG9rokW1IYY19qTiWE6drE962y_gFmLfdUfdpBbjRyfc-iJ2gXNGNI3Iau_ygBaUy1EtOY5tg0cnOS4iD9IB5LsYx6BseGcQcejx7umUX8dwYm3eqIpZInUGHspLzwIkrk6dPt0Z01uEVnTZZMwih-IuRq70eBIhag724WX7CA-wddBYTHluBQ-UlhTiV4bt2v0yKIbdsv8K8b-tn-xR_XxJjRyANgI3XaDcN6jCuHJlDqM3MzCuxNCY2dGCMJ8EGVIKukixll8yZj3MzMPIp6MLXBNLUa6E6qFh9z4wLwzU_KIz5LtWlo9176VX5mPvL1g4zVuIoacqaq7R6jebOw"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X POST "https://priora.saltedge.com/api/v2/tpp/register"

Headers

Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: JWTClaimMissing, PublicKeyInvalid, AuthorizationMissing, RequestFormatInvalid
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "company": {
      "name": "Example Name",
      "email": "example@example.com",
      "address": "409 Broadway GUILDFORD",
      "city": "example_data.company.city",
      "zip_code": "sozsN",
      "phone_number": "212787506"
    },
    "representative": {
      "name": "Example Name",
      "email": "example@example.com"
    },
    "certificate": {
      "type": "qseal",
      "name": "Example Name",
      "pem": "-----BEGIN CERTIFICATE-----\nMIIEAjCCAuoCAQAwDQYJKoZIhvcNAQELBQAwWzEXMBUGA1UEYQwOVHBwU2FsdFRl\nc3QwMDAxIDAeBgNVBAMMF2NlcnRTSUdOU0FMVFRFU1QgV2ViIENBMREwDwYDVQQK\nDAhTYWx0VGVzdDELMAkGA1UEBhMCUk8wHhcNMTkwODIwMTQ1NTA4WhcNMjEwODE5\nMTQ1NTA4WjCBjTEWMBQGA1UEAwwNc2FsdC10ZXN0LmNvbTERMA8GA1UECgwIU2Fs\ndFRlc3QxCzAJBgNVBAYTAlJPMRIwEAYDVQQIDAlCdWN1cmVzdGkxEjAQBgNVBAcM\nCUJ1Y3VyZXN0aTEWMBQGA1UECQwNQWxiYSBJdWxpYSA3NTETMBEGA1UEYQwKaWRl\nbnRpZmllcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgW4J9+HFcL\nQUpLI4sZBJnQhgQaJXDlpT285le8eDq7TjZgazKqM9FBrw4AEDqRlXGvgwinJF62\n0wuIq+7pjOXPPw+Y9XQBpSkjurbyhJOf8b6UjLPLBuAwOkFNv7JklwKyqfk4GG4N\ngk8dUa1cKNLcX377pvz4CHYjPkhiKcLjARxLTIbGmz9YAT/Ak3l7BFDdWj0BrkGj\nWdFzRVWqctp465oXFWe6wBirlJe+RDghgAdTAiPGRwXuxvdbInR8vvoDI52GEush\nFYCYwo3uaUITygxNdBrZ5NiZKh+rn5U5n33JDNoNWhBUE01L/hV3PyexpJTymiDP\n6SPRJ3FLGtkCAwEAAaOBojCBnzAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwIB\nBjAdBgNVHQ4EFgQUKpPfy19RABPKrvbsMRtW3yGIMfowHwYDVR0jBBgwFoAUKpPf\ny19RABPKrvbsMRtW3yGIMfowPwYIKwYBBQUHAQMEMwwxdGVzdFBTUF9BSS4uLmMx\nYWRkMDk3LWZmNWItNDg0MS05OWQ5LTAyODhjZjFlZjc5ODANBgkqhkiG9w0BAQsF\nAAOCAQEARlBruyVKuB9iGequrEcv7OUYWVgJA13MSxwKb07DfeNRbU1W7qDpwiYO\nrnbBXKcwy3WtU8ZXV5ARtTpNKFNIK+YZoXKSoOaVtuBVofjWWczSiwPE9ztYH7dQ\npyUqn70x3ijgaNUkQgtxdnxpT6nZ2lv9oCQm47Plpwcw1RXsASmutxKo8WNzo8zJ\nydhPP0zhDfM+v4vIT2XYs93mpDzpDeXe2/daYw5wyPuKSZCOaGd17yp1mDjWIN3T\nCROjmgOcBIuAy7pFrp1NcnAAspTDcme3Ra71AELjxfVsDrIs2wM1gGAQNdH+1F3S\nXsJgOk3RLI5I5JN1D7mALG6USUEbCg==\n-----END CERTIFICATE-----\n"
    }
  },
  "exp": 1566313028
}
Parameter Type Description
data hash, required Wrapper for the data.
data.certificate hash, required Wrapper for certificate params.
data.certificate.name string, required The certificate’s name
data.certificate.pem string, required Certificate in pem format
Can raise: WrongRequiredFields
data.certificate.type string, required qseal or qwac
Allowed values: qseal, qwac
data.company hash, required Wrapper for company params.
data.company.address string, required Company address
data.company.city string, required Company city
data.company.email string, required Company email
Can raise: WrongRequiredFields, AccessDenied
data.company.name string, required Company name
data.company.phone_number string, required Company phone number
data.company.zip_code string, required Company zip code
data.representative hash, required Wrapper for representative params.
data.representative.email string, required Client user’s email. This email will receive a letter for confirming the registration.
Can raise: WrongRequiredFields, AccessDenied
data.representative.name string, required Client user’s name
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "message": "example_data.message"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.message string, required Human readable message for developer.
Class Code Description
WrongRequiredFields 401 WrongRequiredFields
AccessDenied 401 Action you want to perform is not allowed. More in error_message
ValueOutOfRange 400 ValueOutOfRange
JWTClaimMissing 400 Authorization Token expiration is not provided. Please specify exp alongside data field.
PublicKeyInvalid 400 Given public key is not a public key.
AuthorizationMissing 400 AuthorizationMissing
RequestFormatInvalid 400 Request format is wrong. Details are stored in error_message

Tpp Certificates

To be described…

Request

POSThttps://priora.saltedge.com/api/v2/tpp/certificates

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNlcnRpZmljYXRlIjp7InR5cGUiOiJxc2VhbCIsIm5hbWUiOiJFeGFtcGxlIE5hbWUiLCJwZW0iOiItLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS1cbk1JSUVBakNDQXVvQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd1d6RVhNQlVHQTFVRVlRd09WSEJ3VTJGc2RGUmxcbmMzUXdNREF4SURBZUJnTlZCQU1NRjJObGNuUlRTVWRPVTBGTVZGUkZVMVFnVjJWaUlFTkJNUkV3RHdZRFZRUUtcbkRBaFRZV3gwVkdWemRERUxNQWtHQTFVRUJoTUNVazh3SGhjTk1Ua3dPREl3TVRRMU5UQTRXaGNOTWpFd09ERTVcbk1UUTFOVEE0V2pDQmpURVdNQlFHQTFVRUF3d05jMkZzZEMxMFpYTjBMbU52YlRFUk1BOEdBMVVFQ2d3SVUyRnNcbmRGUmxjM1F4Q3pBSkJnTlZCQVlUQWxKUE1SSXdFQVlEVlFRSURBbENkV04xY21WemRHa3hFakFRQmdOVkJBY01cbkNVSjFZM1Z5WlhOMGFURVdNQlFHQTFVRUNRd05RV3hpWVNCSmRXeHBZU0EzTlRFVE1CRUdBMVVFWVF3S2FXUmxcbmJuUnBabWxsY2pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS2dXNEo5K0hGY0xcblFVcExJNHNaQkpuUWhnUWFKWERscFQyODVsZThlRHE3VGpaZ2F6S3FNOUZCcnc0QUVEcVJsWEd2Z3dpbkpGNjJcbjB3dUlxKzdwak9YUFB3K1k5WFFCcFNranVyYnloSk9mOGI2VWpMUExCdUF3T2tGTnY3Smtsd0t5cWZrNEdHNE5cbmdrOGRVYTFjS05MY1gzNzdwdno0Q0hZalBraGlLY0xqQVJ4TFRJYkdtejlZQVQvQWszbDdCRkRkV2owQnJrR2pcbldkRnpSVldxY3RwNDY1b1hGV2U2d0JpcmxKZStSRGdoZ0FkVEFpUEdSd1h1eHZkYkluUjh2dm9ESTUyR0V1c2hcbkZZQ1l3bzN1YVVJVHlneE5kQnJaNU5pWktoK3JuNVU1bjMzSkROb05XaEJVRTAxTC9oVjNQeWV4cEpUeW1pRFBcbjZTUFJKM0ZMR3RrQ0F3RUFBYU9Cb2pDQm56QU1CZ05WSFJNRUJUQURBUUgvTUE0R0ExVWREd0VCL3dRRUF3SUJcbkJqQWRCZ05WSFE0RUZnUVVLcFBmeTE5UkFCUEtydmJzTVJ0VzN5R0lNZm93SHdZRFZSMGpCQmd3Rm9BVUtwUGZcbnkxOVJBQlBLcnZic01SdFczeUdJTWZvd1B3WUlLd1lCQlFVSEFRTUVNd3d4ZEdWemRGQlRVRjlCU1M0dUxtWXhcbk5USTRPREEwTFRJMU5UZ3RORFJrTnkxaE9Ea3lMVGc1T1dGbU5HTTVNRFprTWpBTkJna3Foa2lHOXcwQkFRc0ZcbkFBT0NBUUVBTFNzVXZuOEFGaDBqNmJrSTJNczVTb0FwSENmci94S2F3YmgvMXVlT2U0bmhmcHAyRi9UNFdrcGZcbkpQOGRPM3c1SGF5NUpIMUVuMDNRZkVYQThxbjNlY1g1N2RGeHBoOC9pZmRXb3p3YTBtODFhTHRxRDM4MGpndGpcbk9uNE02N3FqMHpiL2xibHlraXVUY1h4TndRT3cvMUVIZElvVE5iY0txMkpiYUk1OEgyVzRWd3BWOWRIZkI0QUlcbktZOFBhVTJMeG1QRmk3dXorRGpMa0U3QjZrUFpCMkN2MGV0ekEwMzk0MExlakY4ZmFWT3ZQOTRRdkVhdHlhd2ZcblM1TGY5cmVoMG5TZ3JmRXFrOWF1Yk9mRDhwdXkvbERsQjBDMlpxREM0L2MxNGxiWWQ1bmxjVjhHeDNhaUxtYnhcbitRUlZ2U2h0UUZOdERrVnlsZnVVMUdseHBpK2pnUT09XG4tLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tXG4ifX0sImV4cCI6MTU2NjMxMzAyOH0.XrqHd7g6Xl0-iR5XXYWi8DsMBhcw427QKr7-wxwF5zQmPsY0TU5fTRo1tPAHblm9mZokXNQAkiY6ywv8m3WK5CFvfXGqddLH79Z8cci5-El1f5GkP27c-FWpiVXW-X-hrHeZHXAtLakBGT6z3abFNUAuLuCUYa6aGlpTlD6615_aYnVYyLFktBzchsheRqoQMuqLwTLuOopapATmPrH9MjeAjjreiXLUUUhc_JltuFzU_T1edisT3pZtp2Jh6KhGIZz5or1z2mOKCtvF0mUh4Yk2bBpcCpmBwJ9xyepJDJXB3MiZJPPoFxCxTTbmosFdFQDjvwZd1OhfHeil-uz5og"
 -H "App-Id: v3TO9sNpoD1yVAY_dXFS5A"
 -H "App-Secret: W80B8GeYc0xCNPiIqvwQRQ"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X POST "https://priora.saltedge.com/api/v2/tpp/certificates"

Headers

Header Type Description
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: JWTClaimMissing, PublicKeyInvalid, AuthorizationMissing, RequestFormatInvalid
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "certificate": {
      "type": "qseal",
      "name": "Example Name",
      "pem": "-----BEGIN CERTIFICATE-----\nMIIEAjCCAuoCAQAwDQYJKoZIhvcNAQELBQAwWzEXMBUGA1UEYQwOVHBwU2FsdFRl\nc3QwMDAxIDAeBgNVBAMMF2NlcnRTSUdOU0FMVFRFU1QgV2ViIENBMREwDwYDVQQK\nDAhTYWx0VGVzdDELMAkGA1UEBhMCUk8wHhcNMTkwODIwMTQ1NTA4WhcNMjEwODE5\nMTQ1NTA4WjCBjTEWMBQGA1UEAwwNc2FsdC10ZXN0LmNvbTERMA8GA1UECgwIU2Fs\ndFRlc3QxCzAJBgNVBAYTAlJPMRIwEAYDVQQIDAlCdWN1cmVzdGkxEjAQBgNVBAcM\nCUJ1Y3VyZXN0aTEWMBQGA1UECQwNQWxiYSBJdWxpYSA3NTETMBEGA1UEYQwKaWRl\nbnRpZmllcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgW4J9+HFcL\nQUpLI4sZBJnQhgQaJXDlpT285le8eDq7TjZgazKqM9FBrw4AEDqRlXGvgwinJF62\n0wuIq+7pjOXPPw+Y9XQBpSkjurbyhJOf8b6UjLPLBuAwOkFNv7JklwKyqfk4GG4N\ngk8dUa1cKNLcX377pvz4CHYjPkhiKcLjARxLTIbGmz9YAT/Ak3l7BFDdWj0BrkGj\nWdFzRVWqctp465oXFWe6wBirlJe+RDghgAdTAiPGRwXuxvdbInR8vvoDI52GEush\nFYCYwo3uaUITygxNdBrZ5NiZKh+rn5U5n33JDNoNWhBUE01L/hV3PyexpJTymiDP\n6SPRJ3FLGtkCAwEAAaOBojCBnzAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwIB\nBjAdBgNVHQ4EFgQUKpPfy19RABPKrvbsMRtW3yGIMfowHwYDVR0jBBgwFoAUKpPf\ny19RABPKrvbsMRtW3yGIMfowPwYIKwYBBQUHAQMEMwwxdGVzdFBTUF9BSS4uLmYx\nNTI4ODA0LTI1NTgtNDRkNy1hODkyLTg5OWFmNGM5MDZkMjANBgkqhkiG9w0BAQsF\nAAOCAQEALSsUvn8AFh0j6bkI2Ms5SoApHCfr/xKawbh/1ueOe4nhfpp2F/T4Wkpf\nJP8dO3w5Hay5JH1En03QfEXA8qn3ecX57dFxph8/ifdWozwa0m81aLtqD380jgtj\nOn4M67qj0zb/lblykiuTcXxNwQOw/1EHdIoTNbcKq2JbaI58H2W4VwpV9dHfB4AI\nKY8PaU2LxmPFi7uz+DjLkE7B6kPZB2Cv0etzA03940LejF8faVOvP94QvEatyawf\nS5Lf9reh0nSgrfEqk9aubOfD8puy/lDlB0C2ZqDC4/c14lbYd5nlcV8Gx3aiLmbx\n+QRVvShtQFNtDkVylfuU1Glxpi+jgQ==\n-----END CERTIFICATE-----\n"
    }
  },
  "exp": 1566313028
}
Parameter Type Description
data hash, required Wrapper for the data.
data.certificate hash, required Wrapper for certificate params.
data.certificate.name string, required The certificate’s name
data.certificate.pem string, required Certificate in pem format
Can raise: WrongRequiredFields
data.certificate.type string, required qseal or qwac
Allowed values: qseal, qwac
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "message": "example_data.message"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.message string, required Human readable message for developer.
Class Code Description
WrongRequiredFields 401 WrongRequiredFields
ValueOutOfRange 400 ValueOutOfRange
JWTClaimMissing 400 Authorization Token expiration is not provided. Please specify exp alongside data field.
PublicKeyInvalid 400 Given public key is not a public key.
AuthorizationMissing 400 AuthorizationMissing
RequestFormatInvalid 400 Request format is wrong. Details are stored in error_message
OauthAppNotFound 404 OauthAppNotFound

Callbacks

Sample Payload with session identifier

{
  "data": {
    "session": {
      "id": "79",
      "secret": "8ee0cb1722615ebe_1510819559"
    }
  }
}

Sample Payload with payment identifier

{
  "data": {
    "session": {
      "id": "79",
      "secret": "8ee0cb1722615ebe_1510819559"
    },
    "payment": {
      "id": "31"
    }
  }
}

For all asynchronous actions, such as authorizing an access token, creating a payment or refreshing account information Priora will send a callback to your Client Application. The callback will be delivered to callback URL which can be configured in the Applications section of your dashboard.

Each callback will include an Authorization header that will consist of grant type Bearer followed by a JSON Web Token signed using Priora public key and RS256 algorithm. When decoded, this JWT will include exp and data claims. All relevant information will be wrapped into data claim.

The payload contains the session information (id and secret). Additionally, during the payment flow it will contain the payment information (id). Please see the example payload at the right.

All Errors

During any request or flow originating either on Client or Priora side a number of errors may appear. In order to standardize errors while still giving some degree of freedom in explaining an error callback parameters should include both error_class and error_message. Error message serves the purpose of communicating the issue to the End-Customer, whereas error class should be used by Clients in order to be able to handle various scenarios.

Contents of the error_message are entirely up to the Provider, they may even be localized. However, values sent within error_class parameter should be from the standardized list. This list may and will be extended over time.

Class Description
AuthorizationMissing Authorization header is missing.
Deprecated Specified resource has been deprecated and cannot be used anymore.
AccountNotFound Account specified in request does not exist or cannot be retrieved.
CustomerNotFound Customer specified in request does not exist or cannot be retrieved.
PaymentNotFound Payment specified in request does not exist or cannot be retrieved.
ProviderNotFound Provider specified in request does not exist or cannot be retrieved.
RouteNotFound Wrong request URL.
OauthAppNotFound OAuth Application specified in request does not exist or cannot be retrieved.
SessionNotFound Session specified in request does not exist or cannot be retrieved.
TemplateNotFound Template specified in request does not exist or cannot be retrieved.
FetchingError There were some problems while fetching Customer’s data. Please, retry later.
ClientDisabled Cooperation with specified Client is impossible.
ProviderDisabled Cooperation with specified Provider is impossible.
InternalServerError Something went wrong on our side. You can report this behaviour, but most probably our developers have already started working on it.
InternalProviderError Something went wrong on Provider(ASPSP) side.
AuthorizationTypeNotFound Authorization Type specified in request does not exist or cannot be retrieved.
WrongRequiredFields Specified required fields were not provided. More info in error_message
TokenExpired Token specified in request is expired and cannot be used.
TokenNotFound Token specified in request does not exist or cannot be retrieved.
AuthTokenNotFound Token specified in request does not exist or cannot be retrieved.
TokenRevoked Token specified in request is revoked and cannot be used anymore.
ClientNotFound Client specified in request does not exist or cannot be retrieved.
SessionExpired Found session has been expired and cannot be processed anymore.
EncodingInvalid Given data cannot be encoded on our side. Please use utf-8 encoding.
ScopesInvalid Specified scopes don’t match with the ones specified in Provider or OAuthApp. More info in error_message
PublicKeyInvalid Given public key is not a public key.
RequestFormatInvalid Request format is wrong. Details are stored in error_message
ValueOutOfRange One of specified values are out of range.
SessionClosed Session specified in request has been already closed and cannot be modified.
JWTDecodeError Authorization Token header has wrong format.
JWTExpiredSignature Authorization Token header has been expired.
JWTVerificationError SaltEdge PSD2 Compliance could not verify specified Authorization Token
JWTIncorrectAlgorithm Authorization Token was encrypted with incorrect algorithm. Please use RSA256 algorithm for ecnrypting.
JWTClaimMissing Authorization Token expiration is not provided. Please specify exp alongside data field.
AccessTokenMissing This request cannot be performed without Access_Token header.
RefreshTokenMissing This request cannot be performed without Refresh-Token header.
TokenMissing This request cannot be performed without TOKEN header.

Accounts

Accounts All

Returns all accounts belonging to a Customer and all relevant information about them. Accounts available for making payments will have “payment_account” set to true.

Request

GEThttps://priora.saltedge.com/api/v2/accounts/all

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InBlcl9wYWdlIjoyMCwiZnJvbV9pZCI6NTA0fSwiZXhwIjoxNTY2MzEzMDI4fQ.fn3tMh8IkRzBrpVpZ6BSSWCIpn18wAYk5GcGv1JSkxnxwA8DRQtznnMmOJP9-m35KfDENg6Ffa6Q9vggmWNedGexJaUc9C-hxvMo10KPwpSM1Oku6rPgEhZ0F61y5SKD3RIrUVBY1-xBY9cxBS5pOEu32qLqcfKSUUJAPAwLZGwYfMUeVQ0RWmG01GT3ivH6EB0Ox_0OZ_dJU9Rij22IkIYKNr9BcnoO0qLG197opAFt72oovwxuUI3qbP12ocWtjsZiUrZOB6IqHVRTvpYFlL-gWlYsJ_OCJaqwTvc5zEbiPKkv0krtjzJUk49xk7Y8qQwF8z2tSuKo6_hBZ_iBOQ"
 -H "App-Id: gyTD5WgsVGxjTA3vtfUaoQ"
 -H "App-Secret: OP2YhCIQ5NR5qn8x-zGdzg"
 -H "Access-Token: ccbbc49b23b018780d64f9d0b4112046267a1fa30ae7c26025c1ad4588d007ba5b1b791fe628a1be6d731535236fa87e6bb1d6002a2913c22a7d40e49fab5ef3"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/accounts/all"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "per_page": 20,
    "from_id": 504
  },
  "exp": 1566313028
}
Parameter Type Description
data hash, required Wrapper for the data.
data.from_id integer, optional Return all accounts starting with a specific id.
Values greater than: 0Can raise: ValueOutOfRange
data.per_page integer, optional Number of accounts that should be returned per request.
Default value: 20Values in range between: 1 and 1000Can raise: ValueOutOfRange
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": [
    {
      "id": "937",
      "name": "Example Name",
      "nature": "debit_card",
      "iban": "FK46RAND10758930968896",
      "number": "725230441",
      "sort_code": "03-19-64",
      "swift_code": "c_aXu",
      "currency_code": "EUR",
      "balance": -33.41,
      "available_amount": -33.41,
      "provider_account_id": "102",
      "extra": {
      },
      "payment_account": true,
      "created_at": "2019-08-20T14:55:08.612Z",
      "updated_at": "2019-08-20T14:55:08.612Z"
    }
  ],
  "meta": {
    "time": "2019-08-20T14:55:08.612Z",
    "next_id": 158
  }
}
Response Type Description
data array, required Wrapper for the data.
data.available_amount float, required Physically available funds.
data.balance float, required Account balance.
data.created_at datetime, required Datetime of account creation on Priora side.
data.currency_code string, required Account currency code in ISO 4217.
data.extra hash, optional Any extra information related to an account that is deemed relevant.
Default value: {}
data.iban string, optional International Bank Account Number.
data.id string, required Account identifier on Priora.
data.name string, required Human readable account name.
data.nature string, required Account nature.
Allowed values: account, card, debit_card, credit_card, checking, savings, investment, bonus, loan, credit, insurance, ewallet, mortgage
data.number string, optional Account number identifier within Bank.
data.payment_account boolean, required Specifies whether account can be used to initiate payments.
Allowed values: true, false
data.provider_account_id string, required ID that uniquely identifies this account in provider’s system.
data.sort_code string, optional Used to identify bank accounts in United Kingdom and Ireland.
data.swift_code string, optional Business Identifier Code.
data.updated_at datetime, required Datetime of last account updation on Priora side.
meta hash, required Wrapper for the response metadata.
meta.next_id integer, optional Id of the next entity used in paginated responses.
meta.time datetime, required Time request was processed.
Class Code Description
ValueOutOfRange 400 ValueOutOfRange
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound
TokenMissing 400 This request cannot be performed without TOKEN header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Accounts Holder

Returns holder information that belongs to a Customer.

Request

GEThttps://priora.saltedge.com/api/v2/accounts/holder

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTY2MzEzMDI4fQ.q6qV8UzTthujU5a1AHSIGZDaLunj8jQ4F0V1AbpTUVKhFWU4NOn6PVoCe6aPw-W9pN1sRYAfZWGAYHY5HXVv1kxd9Y5mczNh4t-gYKb1Z2yr0qNaVJWaBabhNChtqcV2RfL8vIau1nv2uGETQCAevfeWx81bHPeVOjIVqGoGwRW5jgw-CC0AQzG2NRUc32CyM1OdL7JZ6IG6mpmMnxT4a7Q9wso7gC6v79HKb2Oe-f4FK-RanmwUay3pAmexMghZbtDMjB8qGSWlXloJyBXyObtr2EpFqWWDFabBhxnz18Vs2a2KvaXMzyhs-Q-trXOt5B8fceSLsIzzfSLllI7pnA"
 -H "App-Id: dxniyP-LUJYUltHThpw4tA"
 -H "App-Secret: bqqfhtJGDdZNhpcmZ2J9RQ"
 -H "Access-Token: 26721194b9b8b4dd2320bab34e2ccb21bec38434b77c0c9d905e7e1455895a1d437a34db262b795eb6d36d129070e0ff1d056fbd0aba3ed295ee47ba38b82649"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/accounts/holder"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1566313028
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "name": "Example Name",
    "email": "example@example.com",
    "phone": "209299229",
    "address": "409 Broadway GUILDFORD",
    "date_of_birth": "2019-08-20T14:55:08.520Z"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.address string, optional PSU adress.
data.date_of_birth string, optional PSU date of birth in datetime format.
data.email string, optional PSU email.
data.name string, optional PSU name.
data.phone string, optional PSU phone number.
Class Code Description
ValueOutOfRange 400 ValueOutOfRange
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound
TokenMissing 400 This request cannot be performed without TOKEN header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Accounts Payment

Returns accounts that are available for making payments and belong to a Customer.

Request

GEThttps://priora.saltedge.com/api/v2/accounts/payment

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTY2MzEzMDI4fQ.q6qV8UzTthujU5a1AHSIGZDaLunj8jQ4F0V1AbpTUVKhFWU4NOn6PVoCe6aPw-W9pN1sRYAfZWGAYHY5HXVv1kxd9Y5mczNh4t-gYKb1Z2yr0qNaVJWaBabhNChtqcV2RfL8vIau1nv2uGETQCAevfeWx81bHPeVOjIVqGoGwRW5jgw-CC0AQzG2NRUc32CyM1OdL7JZ6IG6mpmMnxT4a7Q9wso7gC6v79HKb2Oe-f4FK-RanmwUay3pAmexMghZbtDMjB8qGSWlXloJyBXyObtr2EpFqWWDFabBhxnz18Vs2a2KvaXMzyhs-Q-trXOt5B8fceSLsIzzfSLllI7pnA"
 -H "App-Id: Cw1yRNvhKtITkglu9cLNnA"
 -H "App-Secret: hc6ofbeNNiVRnddWmUDUBg"
 -H "Access-Token: 4c6f11ca0eb4f3ebb8fd827744f90e211ab0575ab96c9b187d550de8d0cb30b6b001c58d75cdc81bdcba01775374a656aeae2ccf84415fa6242f6a0621287430"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/accounts/payment"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1566313028
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": [
    {
      "id": "525",
      "name": "Example Name",
      "nature": "card",
      "iban": "FK14RAND20767117771129",
      "number": "404644354",
      "sort_code": "53-86-27",
      "swift_code": "BWJJy",
      "currency_code": "USD",
      "provider_account_id": "749",
      "created_at": "2019-08-20T14:55:08.548Z",
      "updated_at": "2019-08-20T14:55:08.548Z"
    }
  ]
}
Response Type Description
data array, required Wrapper for the data.
data.created_at datetime, required Datetime of account creation on Priora side.
data.currency_code string, required Account currency code in ISO 4217.
data.iban string, optional International Bank Account Number.
data.id string, required Account identifier on Priora.
data.name string, required Human readable account name.
data.nature string, required Account nature.
Allowed values: account, card, debit_card, credit_card, checking, savings, investment, bonus, loan, credit, insurance, ewallet, mortgage
data.number string, optional Account number identifier within Bank.
data.provider_account_id string, required ID that uniquely identifies this account in provider’s system.
data.sort_code string, optional Used to identify bank accounts in United Kingdom and Ireland.
data.swift_code string, optional Business Identifier Code.
data.updated_at datetime, required Datetime of last account updation on Priora side.
Class Code Description
ValueOutOfRange 400 ValueOutOfRange
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound
TokenMissing 400 This request cannot be performed without TOKEN header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Accounts Refresh

Refresh accounts that belong to a Customer. This endpoint sends a callback upon completion.

Request

PUThttps://priora.saltedge.com/api/v2/accounts

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImZyb21fZGF0ZSI6IjIwMTktMDUtMjAiLCJ0b19kYXRlIjoiMjAxOS0wOC0yMCJ9LCJleHAiOjE1NjYzMTMwMjh9.I7XCr9_yV8GCUXKhj8j4Pm8VEOecge5bSN7OQvOhKOGReipIv1IUo3DSPKtigy4austDFWspK_7WktcL6CJTZMLfq4qtkAN_GPg2yo8o_DWSYEK-6fYMLS0gm1nAUfjuqaHjoovqQbxP2YZNsMc4i1LUOX1x6xX_Kc9J3EVI_KOBQQNkTYqXQewKLK8Ex70M9zd5a6D85odWRxK0-eMowJ8w90t4Wh3RL_7F017HwwqgqJLx4txYu3YvgC1XgIqQ9QVmwEXnOQ2ZA0Yv_b3f6kDaEQPjyEQts45pcieiXKGUg2Nat1izXbzWNNhaEtHYpUs2P3LhoQKIsjFmIIX-jA"
 -H "App-Id: 2SzT3xXTu80O2IKisQxmpA"
 -H "App-Secret: eMcIEbX_6sy5SIa7QHD3ng"
 -H "Access-Token: d750a49a7e79c6a0b73aeb8b464f2cb1b2cbc89f0b02d7970ce9fff062286b03bbe0112178b140360cd523a66497bfe73b7ad443bfacbdcb954ce08e4662c5a2"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X PUT "https://priora.saltedge.com/api/v2/accounts"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "from_date": "2019-05-20",
    "to_date": "2019-08-20"
  },
  "exp": 1566313028
}
Parameter Type Description
data hash, required Wrapper for the data.
data.from_date datetime, optional Specifies the starting date in ISO 8601: “yyyy-mm-dd” format, from which account data should be fetched. This value will be set to 90 days ago by default.
Default value: 3 months ago.
data.to_date datetime, optional Specifies the ending date in ISO 8601: “yyyy-mm-dd” format, to which account data should be fetched. This value will always be the today’s date by default.
Default value: Today.
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "session_secret": "nn8zy75aLDi_Y6Fmxsxx"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.session_secret string, required Session identifier on Salt Edge PSD2 Compliance.
Class Code Description
ValueOutOfRange 400 ValueOutOfRange
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound
TokenMissing 400 This request cannot be performed without TOKEN header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Accounts Transactions

Returns transactions for a specific account.

Request

GEThttps://priora.saltedge.com/api/v2/accounts/:account_id/transactions

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InBlcl9wYWdlIjoyMCwiZnJvbV9pZCI6NTA2fSwiZXhwIjoxNTY2MzEzMDI4fQ.pD8cnrgQmsGwplKaFNzkb5GU1iSIMX-_eYtPbbDElEMcpDz5XYJjhNAe8W7nGJG6I2tPX3LUERBISPm6QoV6wSxYD9CQ1mGBUAXMwx1MjDlpAI3pAmQm_YsCgvGJX9dePLobpxL4i07rmip2miAKMuw2v8kWYwbXuwjzO1-IYBUVIbN22KLkOVwOMY8YEn-E11Q0wiOfFyPvqEHM3GMh2n3kIAlxMSbnc4SjCJLIPYQQotIFg2oolS_fOditp3Toi97guw1z7Hf3mwp_BTUSU-rhSx9oJDTB-SYgVekmWGYeelhKarmThbExcSqa-jM6kTo8K7c24Smn8jwDzgrMPw"
 -H "App-Id: cGq6CzS69hVFayvSpOdgmA"
 -H "App-Secret: 6f_ib9M8BCxRWfG4iwaOOw"
 -H "Access-Token: 2db07f7047b0d36469b9a1288417988bcc5f081aab9047ab105d97306faa77db5553b372c7c800a49a54d0f8f8d9a8b06118dd9de0a7631bbfb1d6d629776785"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/accounts/:account_id/transactions"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "per_page": 20,
    "from_id": 506
  },
  "exp": 1566313028,
  "account_id": 185
}
Parameter Type Description
account_id integer, required Account identifier on Priora.
Can raise: AccountNotFound
data hash, required Wrapper for the data.
data.from_id integer, optional Return transactions starting with a specific id.
Values greater than: 0Can raise: ValueOutOfRange
data.per_page integer, optional Number of transactions that should be returned per request.
Default value: 20Values in range between: 1 and 1000Can raise: ValueOutOfRange
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": [
    {
      "id": 64,
      "account_id": 230,
      "currency_code": "EUR",
      "amount": 13.33,
      "fees": [
        {
        }
      ],
      "description": "example_data.description",
      "extra": {
      },
      "provider_transaction_id": "4",
      "made_on": "2019-08-20T14:55:08.577Z",
      "status": "pending",
      "category": "example_data.category",
      "created_at": "2019-08-20T14:55:08.577Z",
      "updated_at": "2019-08-20T14:55:08.577Z"
    }
  ],
  "meta": {
    "time": "2019-08-20T14:55:08.577Z",
    "next_id": 31
  }
}
Response Type Description
data array, required Wrapper for the data.
data.account_id integer, required Account identifier on Priora.
data.amount float, required Transaction amount
data.category string, optional Transaction category defined on ASPSP side.
data.created_at datetime, required Datetime of transaction creation on Priora side.
data.currency_code string, required Transaction currency code in ISO 4217.
data.description string, required Transaction description.
data.extra hash, optional Any data relevant to the transaction.
Default value: {}
data.fees array, required List of all fees applied to the given transation.
data.id integer, required Transaction identifier on Priora.
data.made_on datetime, required Date on which transaction was processed.
data.provider_transaction_id string, required Transaction identifier on ASPSP side.
data.status string, required Transaction status.
Allowed values: posted, pending
data.updated_at datetime, required Datetime of transaction updation on Priora side.
meta hash, required Wrapper for the response metadata.
meta.next_id integer, optional Id of the next entity used in paginated responses.
meta.time datetime, required Time request was processed.
Class Code Description
ValueOutOfRange 400 ValueOutOfRange
AccountNotFound 404 Account specified in request does not exist or cannot be retrieved.
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound
TokenMissing 400 This request cannot be performed without TOKEN header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Payments

Payment Statuses

The current stage of a payment lifecycle is represented in status field. The status of a payment can be one of the following:

Name Description
processing Priora is processing the request or response.
redirect Provider requires a redirect for authentication.
waiting_confirmation Provider is waiting for the consent of Customer.
waiting_confirmation_code Provider is waiting for a confirmation code, be it OTP for authentication or Dynamic linking for performing a payment.
closed Session is closed.

Payments Show

To be described…

Request

GEThttps://priora.saltedge.com/api/v2/payments/:id

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTY2MzEzMDI4fQ.q6qV8UzTthujU5a1AHSIGZDaLunj8jQ4F0V1AbpTUVKhFWU4NOn6PVoCe6aPw-W9pN1sRYAfZWGAYHY5HXVv1kxd9Y5mczNh4t-gYKb1Z2yr0qNaVJWaBabhNChtqcV2RfL8vIau1nv2uGETQCAevfeWx81bHPeVOjIVqGoGwRW5jgw-CC0AQzG2NRUc32CyM1OdL7JZ6IG6mpmMnxT4a7Q9wso7gC6v79HKb2Oe-f4FK-RanmwUay3pAmexMghZbtDMjB8qGSWlXloJyBXyObtr2EpFqWWDFabBhxnz18Vs2a2KvaXMzyhs-Q-trXOt5B8fceSLsIzzfSLllI7pnA"
 -H "App-Id: aBRZyeA0I2QY_6TGGuOozg"
 -H "App-Secret: Ll7CkRH5m7E-3K0jDBAptw"
 -H "Access-Token: f3ab073db56b288cf89a6dc7667d7ec1042fc7ca77258b7c81f9e2037dc8e3ff52a7a75773af8f7b2aa7ba51fb15f0f0fc9bf89f9ded0d165a2f49abe26bd661"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/payments/:id"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1566313028,
  "id": 175
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange
id integer, required Payment identifier on Salt Edge PSD2 Compliance.
Can raise: PaymentNotFound

Response

Example of response

{
  "data": {
    "id": 210,
    "status": "redirect",
    "description": "example_data.description",
    "fees": [
      {
      }
    ],
    "payment_attributes": {
      "required_key": "value"
    },
    "session": {
      "id": 807,
      "secret": "zJ9Eo1fxtYCEsxNajQ5y",
      "status": "fetched_transactions",
      "events": [
        {
        }
      ],
      "success_at": "2019-08-20T14:55:08.966Z",
      "expires_at": "2019-08-20T14:55:08.966Z",
      "fail_at": "2019-08-20T14:55:08.966Z",
      "fail_message": "example_data.session.fail_message"
    },
    "created_at": "2019-08-20T14:55:08.966Z",
    "updated_at": "2019-08-20T14:55:08.966Z"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.created_at datetime, required Datetime of payment creation.
data.description string, required Payment’s description.
data.fees array, required List of all fees applied to given payment.
Default value: []
data.id integer, required Payment identifier on Salt Edge PSD2 Compliance.
data.payment_attributes hash, required All attributes(required and optional) that are needed for a successful payment initiation.
data.session hash, required Related session.
data.session.events array, required Related session’s events.
data.session.expires_at datetime, required Datetime of session expiration.
data.session.fail_at datetime, optional Datetime of session failure.
data.session.fail_message string, optional Session fail message.
data.session.id integer, required Payment identifier on Salt Edge PSD2 Compliance.
data.session.secret string, required Another session identifier that can be used for session lookup and confirmation.
data.session.status string, required Current status of the payment.
Allowed values: processing, redirect, waiting_confirmation, waiting_confirmation_code, closed, fetched_kyc, fetched_accounts, fetched_transactions
data.session.success_at datetime, optional Datetime of session successful closure.
data.status string, required Current status of the payment.
Allowed values: processing, redirect, waiting_confirmation, waiting_confirmation_code, closed
data.updated_at datetime, required Datetime of last payment updation.
Class Code Description
ValueOutOfRange 400 ValueOutOfRange
PaymentNotFound 404 Payment specified in request does not exist or cannot be retrieved.
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound
TokenMissing 400 This request cannot be performed without TOKEN header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Payments Create

To be described…

Request

POSThttps://priora.saltedge.com/api/v2/payments

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InByb3ZpZGVyX2NvZGUiOiJkZW1vYmFuayIsInRlbXBsYXRlX2lkIjo3MzgsInJlZGlyZWN0X3VybCI6Imh0dHBzOi8vdXNlci53aWxsLmJlL3JlZGlyZWN0ZWQvaGVyZSIsImZvcmNlX3NjYSI6dHJ1ZSwiZXh0cmEiOnt9LCJwYXltZW50X2F0dHJpYnV0ZXMiOnsicmVxdWlyZWRfa2V5IjoidmFsdWUifX0sImV4cCI6MTU2NjMxMzAyOX0.qE247WzPp0ib4VpbSrXSDYam7yObTwlDhb8i5gE-FJ0GCNlSVbxma5aPKqAZaRXLm4-jilTPmgQlF1trCii7y5MxfFfrlZ2KgDO8elIe6HW07ZeOJku4y5MITTLuAWDmmvh9Z-tFaBIrerb9XJA7HMk_N05Xm5yU2HsmRMmhrTVktCiP01dNfWMvdFnvApxK2puzKyAF-yiLECWQZ9jtD1qCe2-qrIhDvwQMBqFbV5S8XxDjK2k2KXqcrVsFm-WO7jtRl4bWHxeQfiKNT7LtTA36uQ9TyDHuBJ0KRbIXuhZrtD8LgsI57kvw27D2avt6hX9kOd_M7AWV97xib3rNRQ"
 -H "App-Id: qwuvui5ahoMslPed7TKe_w"
 -H "App-Secret: btp6kU5WuFn1jgwsrT1DTw"
 -H "Access-Token: 25391950e3466733deb55f858a07156dfb3e7f1e754e898ae7fccd18943e1e512de96c27aab08ee4b676ea3c4eadd818f7279c40d53abc5e7e1483de281fcac7"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X POST "https://priora.saltedge.com/api/v2/payments"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "provider_code": "demobank",
    "template_id": 738,
    "redirect_url": "https://user.will.be/redirected/here",
    "force_sca": true,
    "extra": {
    },
    "payment_attributes": {
      "required_key": "value"
    }
  },
  "exp": 1566313029
}
Parameter Type Description
data hash, required Wrapper for the data.
data.extra hash, optional Extra details that should be persisted into session.
Default value: {}
data.force_sca boolean, optional Whether to disregard exemptions and force SCA as a required step to process the payment.
data.payment_attributes hash, required All attributes(required and optional) that are needed for a successful payment initiation.
data.provider_code string, required Human readable Provider identifier.
Can raise: ProviderNotFound, AccessDenied
data.redirect_url string, optional The URL that the customer will be redirected to proceed with payment. Used for oauth flow.
data.template_id integer, required Payment template identifier on Salt Edge PSD2 Compliance side.
Can raise: TemplateNotFound
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "id": 790,
    "status": "example_data.status",
    "description": "example_data.description",
    "fees": [
      {
      }
    ],
    "payment_attributes": {
      "required_key": "value"
    },
    "session": {
      "id": 525,
      "secret": "PKVRvxyza77bDH9zzVU8",
      "status": "closed",
      "events": [
        {
        }
      ],
      "success_at": "2019-08-20T14:55:09.026Z",
      "expires_at": "2019-08-20T14:55:09.026Z",
      "fail_at": "2019-08-20T14:55:09.026Z",
      "fail_message": "example_data.session.fail_message"
    },
    "created_at": "2019-08-20T14:55:09.026Z",
    "updated_at": "2019-08-20T14:55:09.026Z"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.created_at datetime, required Datetime of payment creation.
data.description string, required Payment’s description.
data.fees array, required List of all fees applied to given payment.
Default value: []
data.id integer, required Payment identifier on Salt Edge PSD2 Compliance.
data.payment_attributes hash, required All attributes(required and optional) that are needed for a successful payment initiation.
data.session hash, required Related session.
data.session.events array, required Related session’s events.
data.session.expires_at datetime, required Datetime of session expiration.
data.session.fail_at datetime, optional Datetime of session failure.
data.session.fail_message string, optional Session fail message.
data.session.id integer, required Payment identifier on Salt Edge PSD2 Compliance.
data.session.secret string, required Another session identifier that can be used for session lookup and confirmation.
data.session.status string, required Current status of the payment.
Allowed values: processing, redirect, waiting_confirmation, waiting_confirmation_code, closed, fetched_kyc, fetched_accounts, fetched_transactions
data.session.success_at datetime, optional Datetime of session successful closure.
data.status string, required Current status of the payment.
data.updated_at datetime, required Datetime of last payment updation.
Class Code Description
ProviderNotFound 404 ProviderNotFound
AccessDenied 401 Action you want to perform is not allowed. More in error_message
TemplateNotFound 404 TemplateNotFound
ValueOutOfRange 400 ValueOutOfRange
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound
TokenMissing 400 This request cannot be performed without TOKEN header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Payments Confirm

To be described…

Request

PUThttps://priora.saltedge.com/api/v2/payments/:id

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNyZWRlbnRpYWxzIjoib2F1dGgifSwiZXhwIjoxNTY2MzEzMDI5fQ.V3L25_ojNs25a5TMp_Ud2jcfhxRSN9htgGX91ATLRyxQsNZqNe2QFtZ8MJuKPgKl0kPY2t-FlFBYWytuvsqTNdKm0t5poEZijRKE2EVwpOuGFdgR0mMAkxU6I4FcGqrDODc3_LpnJuYIK1y3_AnpCt15epNywwh-MzsIZ7OH7-qo9E1SiCjGFR8cN6yoFStzzDtutEwp5rkEsRpgHFB9pzDNaCkoOR5lxxpae894AwfpYiYfVVQ1FotRn3iDA9c1hLhejSvhO_fsw520wUVVSPlOS5tzQiG1RwQfbcGID9HbnlM1QyyxegbrFrKBZTDN1lHWoolWMUesUjvrRcaACA"
 -H "App-Id: itmZMb1coZcxNRC9tc3jfg"
 -H "App-Secret: Cnq2CLS2TmI6LqwzTzgzvA"
 -H "Access-Token: 43a1e7a4613a42cd75b0c74119bcd7670dddba68169244f3127e499e092ae9faea304bc2fef787227416849163d162df1991ca4cb4bb5fa8f351f9c79c3e0eed"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X PUT "https://priora.saltedge.com/api/v2/payments/:id"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "credentials": "oauth"
  },
  "exp": 1566313029,
  "id": 783
}
Parameter Type Description
data hash, required Wrapper for credentials pair.
data.credentials hash, required Wraps Customer credentials, it is used for both first(e.g. login, password) and second factors(e.g. one time password). Contents may vary depending on authorization types supported by your Bank.
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange
id integer, required Payment identifier on Salt Edge PSD2 Compliance.
Can raise: PaymentNotFound, SessionClosed, SessionExpired

Response

Example of response

{
  "data": {
    "id": 469,
    "status": "example_data.status",
    "description": "example_data.description",
    "fees": [
      {
      }
    ],
    "payment_attributes": {
      "required_key": "value"
    },
    "session": {
      "id": 971,
      "secret": "gCW2ocBSc_3-rDwtKT34",
      "status": "fetched_kyc",
      "events": [
      ],
      "success_at": "2019-08-20T14:55:09.089Z",
      "expires_at": "2019-08-20T14:55:09.090Z",
      "fail_at": "2019-08-20T14:55:09.090Z",
      "fail_message": "example_data.session.fail_message"
    },
    "created_at": "2019-08-20T14:55:09.090Z",
    "updated_at": "2019-08-20T14:55:09.090Z"
  }
}
Response Type Description
data hash, required Wrapper for credentials pair.
data.created_at datetime, required Datetime of payment creation.
data.description string, required Payment’s description.
data.fees array, required List of all fees applied to given payment.
Default value: []
data.id integer, required Payment identifier on Salt Edge PSD2 Compliance.
data.payment_attributes hash, required All attributes(required and optional) that are needed for a successful payment initiation.
data.session hash, required Related session.
data.session.events array, required Related session’s events.
data.session.expires_at datetime, required Datetime of session expiration.
data.session.fail_at datetime, optional Datetime of session failure.
data.session.fail_message string, optional Session fail message.
data.session.id integer, required Payment identifier on Salt Edge PSD2 Compliance.
data.session.secret string, required Another session identifier that can be used for session lookup and confirmation.
data.session.status string, required Current status of the payment.
Allowed values: processing, redirect, waiting_confirmation, waiting_confirmation_code, closed, fetched_kyc, fetched_accounts, fetched_transactions
data.session.success_at datetime, optional Datetime of session successful closure.
data.status string, required Current status of the payment.
data.updated_at datetime, required Datetime of last payment updation.
Class Code Description
ValueOutOfRange 400 ValueOutOfRange
PaymentNotFound 404 Payment specified in request does not exist or cannot be retrieved.
SessionClosed 400 Session specified in request has been already closed and cannot be modified.
SessionExpired 401 Found session has been expired and cannot be processed anymore.
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound
TokenMissing 400 This request cannot be performed without TOKEN header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Payments Destroy

To be described…

Request

DELETEhttps://priora.saltedge.com/api/v2/payments/:id

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTY2MzEzMDI5fQ.RGxD6XzLX3AfklRFmThjwW4FBeBIsEf_Mxd82-KGDO4IsTeAIgmGIc8uXZW5gcUx0bo6PoQrmN3zVPjIBagYVBmHgAG1TWc10pMfS2kiZbH7okxUPCrOiM8X0UzskPfzCsZNYCvRjIToDGHEs0KRu5BtL8Hx92RjjHJY81btAajqZIt2ePgOmoAYfilQ_hariPiaqQUW1c12Z8BC3DHtiOH1l2xQ1OpmHqqBHOaMZg_wxfVUGK2ID1YIUC9zy1OjADGTSjez6Mp6MmrdpiNJjtLrSvY-6I4QCbhBiCAEtDeqoKOnQuDG0zGXi_9ptTgZ2UjWEa1NoNbs041GHoo3hA"
 -H "App-Id: 16ef2tQoj-YnoPazLa0Anw"
 -H "App-Secret: WmBwAw2TJ0M5_Z8ybo02NA"
 -H "Access-Token: a2a9291376aa133145123b9ebc16314393a2379e1e1b9572daf5278107de162be625085c99f77c51c6b335243c60340429c39e85e1e8c980c33c460a9e37120f"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X DELETE "https://priora.saltedge.com/api/v2/payments/:id"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1566313029,
  "id": 373
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange
id integer, required Payment identifier on Salt Edge PSD2 Compliance.
Can raise: PaymentNotFound, SessionClosed, SessionExpired

Response

Example of response

{
  "data": {
    "payment_id": 681
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.payment_id integer, required Payment identifier on Connector side. Used to map Salt Edge PSD2 Compliance payments to Connector ones.
Class Code Description
ValueOutOfRange 400 ValueOutOfRange
PaymentNotFound 404 Payment specified in request does not exist or cannot be retrieved.
SessionClosed 400 Session specified in request has been already closed and cannot be modified.
SessionExpired 401 Found session has been expired and cannot be processed anymore.
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound
TokenMissing 400 This request cannot be performed without TOKEN header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Payments CheckFunds

To be described…

Request

POSThttps://priora.saltedge.com/api/v2/payments/check_funds

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImFtb3VudCI6MzAuMDEsImN1cnJlbmN5X2NvZGUiOiJVU0QiLCJhY2NvdW50IjoiZXhhbXBsZV9kYXRhLmFjY291bnQifSwiZXhwIjoxNTY2MzEzMDI5fQ.CTLq6k5nwEWY02iT00yePxLXefnBCrnKZMI8w1Kg5inB4G1HxTVwgXI_no3F_3ga3Y832fHPR4WbZTO6ruX7pbAWKQqv7T9iV_A451ixTbG_DuScM5ygp36BKJ4BOEVtO0CHxFMNnLWGiGwNAmOCqin6STMXP1r57vuWIZ7FANY0n7zXEm9Db5vEnShxwx9q_qvP6p_6DhWLdy8XcEVn7wBE_c4unzMelQaiQ6Srx_lI_f01b7XFl7hqx1AXFcAdZnHFLcr6QwpkWeGETsfeUIUwkHHW_RbowDLAcuZysa6ncJxUdwLwgPJrIRGOeYJYlV6UXS0Yax2q70k2Uc8-ig"
 -H "App-Id: _g9i_EbDjtNIbyz-vIOJvA"
 -H "App-Secret: plqaHdW0QDGPJYgjkCLejQ"
 -H "Access-Token: 1daa9fa0ccec3f9b8aeefe7b54ee958056a88afda1b52585543294a8605fca122f92004d551cdfceae1a6c2a249cbbfe9fb3ad172e64f90cb301a567f1f0c06c"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X POST "https://priora.saltedge.com/api/v2/payments/check_funds"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "amount": 30.01,
    "currency_code": "USD",
    "account": "example_data.account"
  },
  "exp": 1566313029
}
Parameter Type Description
data hash, required Wrapper for the data.
data.account string, required Account number used to identify the account for prospective payment.
data.amount integer, required Ammount to check
Values greater than: 0Can raise: ValueOutOfRange
data.currency_code string, required Currency
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "session_secret": "YFtibemM58Aui5iUsqtz"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.session_secret string, required Session identifier on Salt Edge PSD2 Compliance.
Class Code Description
ValueOutOfRange 400 ValueOutOfRange
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound
TokenMissing 400 This request cannot be performed without TOKEN header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Providers

Providers Index

Returns all supported providers.

Request

GEThttps://priora.saltedge.com/api/v2/providers

CURL

curl -i
 -H "App-Id: r35b50RRbuWWMWfiAV0ZnQ"
 -H "App-Secret: dLNRHXoecqf9iwsPxm0tUA"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/providers"

Headers

Header Type Description
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "per_page": 20,
  "from_id": 342
}
Parameter Type Description
from_id integer, optional Return providers starting with a specific id.
Values greater than: 0Can raise: ValueOutOfRange
per_page integer, optional Number of providers that should be returned per request or less.
Default value: 20Values in range between: 1 and 1000Can raise: ValueOutOfRange

Response

Example of response

{
  "data": [
    {
      "id": 637,
      "name": "Example Name",
      "code": "okU2e",
      "connector_url": "https://user.will.be/redirected/here",
      "status": "disabled",
      "scopes": "kyc",
      "created_at": "2019-08-20T14:55:08.814Z",
      "updated_at": "2019-08-20T14:55:08.814Z",
      "authorization_types": [
        {
          "code": "VyRaT",
          "display_name": "Example Name",
          "scopes": [
          ],
          "instruction": "example_data.authorization_types.instruction",
          "extra": {
          },
          "required_fields": [
            {
            }
          ],
          "mfa_fields": [
            {
            }
          ]
        }
      ]
    }
  ],
  "meta": {
    "time": "2019-08-20T14:55:08.815Z",
    "next_id": 888
  }
}
Response Type Description
data array, required Wrapper for the data.
data.authorization_types array, required Available authorization types.
data.authorization_types.code string, optional Serves to identify any authorization type within the scope of a Provider on Priora.
data.authorization_types.display_name string, optional Human readable name of given authorization type.
data.authorization_types.extra hash, optional Any extra dara related to the authorization type.
data.authorization_types.instruction string, optional Short instruction for the Customer.
data.authorization_types.mfa_fields array, optional List of all MFA(second+ step) authorization fields and their description.
data.authorization_types.required_fields array, optional List of all required(first step) authorization fields and their description.
data.authorization_types.scopes array, optional List of scopes(permissions) that can be obtained through specific authorization type.
data.code string, required ASPSP code in Priora.
data.connector_url string, required URL to Connector API layer implemented by ASPSP.
data.created_at datetime, required Datetime ASPSP registered in Priora.
data.id integer, required ASPSP identifier in Priora.
data.name string, required ASPSP name.
data.scopes integer, required Scopes supported by ASPSP.
Allowed values: accounts, transactions, kyc, payments, funds_availability
data.status string, required Current status of ASPSP.
Allowed values: pending, disabled, test, live, sandbox
data.updated_at datetime, required Datetime ASPSP updated itself.
meta hash, required Wrapper for the response metadata.
meta.next_id integer, optional Id of the next entity used in paginated responses.
meta.time datetime, required Time request was processed.
Class Code Description
ValueOutOfRange 400 ValueOutOfRange
OauthAppNotFound 404 OauthAppNotFound

Providers Templates

Returns provider’s templates.

Request

GEThttps://priora.saltedge.com/api/v2/providers/:provider_code/templates

CURL

curl -i
 -H "App-Id: zIJ-IyCFjAuM1TGqnqNFTQ"
 -H "App-Secret: XcJPp4AeQoNyXENDDF-DwQ"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/providers/:provider_code/templates"

Headers

Header Type Description
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "provider_code": "demobank"
}
Parameter Type Description
provider_code string, required Human readable Provider identifier.
Can raise: ProviderNotFound, AccessDenied

Response

Example of response

{
  "data": [
    {
      "id": 720,
      "description": "example_data.description",
      "provider_id": 625,
      "payment_type": "transfer",
      "default": true,
      "extra": {
      },
      "created_at": "2019-08-20T14:55:08.846Z",
      "updated_at": "2019-08-20T14:55:08.846Z",
      "payment_attributes": [
        {
          "attribute_name": "Example Name",
          "attribute_type": "number",
          "label": "example_data.payment_attributes.label",
          "optional": false,
          "position": 531,
          "values": [
          ]
        }
      ]
    }
  ]
}
Response Type Description
data array, required Wrapper for the data.
data.created_at datetime, required Datetime of template creation on Priora side.
data.default boolean, required States whether given template is default or not.
Allowed values: true, false
data.description string, required Short description of payment template.
data.extra hash, required Extra details that should be persisted into session.
data.id integer, required Template identifier.
data.payment_attributes array, required Contains a list of payment attributes with their characteristics.
data.payment_attributes.attribute_name string, required Name of the attribute, should be used by application as input field name.
data.payment_attributes.attribute_type string, required Type of the input field that should be used.
Allowed values: text, number, dropdown
data.payment_attributes.label string, required Human readable label for presentation of the payment attribute.
data.payment_attributes.optional boolean, required Flag that shows whether the attribute is optional or not.
Allowed values: true, false
data.payment_attributes.position integer, required Position index of the attribute within payment template, should be considered when rendering the template.
data.payment_attributes.values array, optional List of possible values for a given payment attribute.
data.payment_type string, required Specifies the type of payment associated with a preregistered template.
data.provider_id integer, required Identifies Provider under which template was defined.
data.updated_at datetime, required Datetime of last template updation on Priora side.
Class Code Description
ProviderNotFound 404 ProviderNotFound
AccessDenied 401 Action you want to perform is not allowed. More in error_message
OauthAppNotFound 404 OauthAppNotFound

Sessions

Sessions Show

To be described…

Request

GEThttps://priora.saltedge.com/api/v2/sessions/:secret

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTY2MzEzMDI4fQ.q6qV8UzTthujU5a1AHSIGZDaLunj8jQ4F0V1AbpTUVKhFWU4NOn6PVoCe6aPw-W9pN1sRYAfZWGAYHY5HXVv1kxd9Y5mczNh4t-gYKb1Z2yr0qNaVJWaBabhNChtqcV2RfL8vIau1nv2uGETQCAevfeWx81bHPeVOjIVqGoGwRW5jgw-CC0AQzG2NRUc32CyM1OdL7JZ6IG6mpmMnxT4a7Q9wso7gC6v79HKb2Oe-f4FK-RanmwUay3pAmexMghZbtDMjB8qGSWlXloJyBXyObtr2EpFqWWDFabBhxnz18Vs2a2KvaXMzyhs-Q-trXOt5B8fceSLsIzzfSLllI7pnA"
 -H "App-Id: N4AYe98OYHRoxlqLO5fyOQ"
 -H "App-Secret: cuA-e-1NqbYZiSx6Xpbrkw"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/sessions/:secret"

Headers

Header Type Description
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1566313028,
  "secret": "WfvNdDJmvuip9zAWtVes"
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange
secret string, required Another session identifier that can be used for session lookup and confirmation.
Can raise: SessionNotFound

Response

Example of response

{
  "data": {
    "id": 699,
    "secret": "M2mUbstYy5vC-xe9Jyxw",
    "status": "waiting_confirmation",
    "extra": {
      "scopes": [
        "accounts",
        "transactions",
        "kyc",
        "payments",
        "funds_availability"
      ]
    },
    "token": {
      "access_token": "9qvvb2rhRfMRusuQXjs1",
      "refresh_token": "6eLKAS4yvPRB6PCrZ6mr",
      "expires_at": "2019-08-20T14:55:08.874Z"
    },
    "fail_at": "2019-08-20T14:55:08.874Z",
    "success_at": "2019-08-20T14:55:08.874Z",
    "created_at": "2019-08-20T14:55:08.874Z",
    "updated_at": "2019-08-20T14:55:08.874Z",
    "events": [
      {
      }
    ],
    "authorization_details": {
    },
    "customer_id": 858,
    "provider_code": "demobank"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.authorization_details hash, optional Data which was used for authorization.
data.created_at datetime, required Datetime of session creation.
data.customer_id integer, optional Salt Edge PSD2 Compliance customer id.
data.events array, required Session progress events.
data.extra hash, required Extra details that should be persisted into session.
data.extra.scopes array, optional Set of permissions for access token.
Allowed values: accounts, transactions, kyc, payments, funds_availability
data.fail_at datetime, optional Datetime of session failure.
data.id integer, required Session identifier on Salt Edge PSD2 Compliance.
data.provider_code string, required Human readable Provider identifier.
data.secret string, required Another session identifier that can be used for session lookup and confirmation.
data.status string, required Conveys current status of the operation.
Allowed values: processing, redirect, waiting_confirmation, waiting_confirmation_code, closed, fetched_kyc, fetched_accounts, fetched_transactions
data.success_at datetime, optional Datetime of session successful closure.
data.token hash, optional Access token that will be used to access ASPSP data.
data.token.access_token string, required A unique string which grants access to TPP to perform actions for PSU.
data.token.expires_at datetime, required Datetime of token expiration.
data.token.refresh_token string, required Token which can be used to refresh an expired access token.
data.updated_at datetime, required Datetime of last session updation.
Class Code Description
ValueOutOfRange 400 ValueOutOfRange
SessionNotFound 404 Session specified in request does not exist or cannot be retrieved.
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound

Sessions Confirm

To be described…

Request

PUThttps://priora.saltedge.com/api/v2/sessions/:secret

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNyZWRlbnRpYWxzIjoib2F1dGgifSwiZXhwIjoxNTY2MzEzMDI4fQ.UtXTkIHgRMY_rtWo1OAkNoN5zdWApzAOchgsPcIGFSKoArMuTXw19POySz46086LU3u2HN0qQV5z4PTncnp9kGShObYuRztkYMzDfKS98J4EYRC5CQXnRcCUvw7q-e4RPlfLThgN3nOg1p7S8Pkskt19-vnHJWQM8OSqzMDdID60d2rulcUYPdg-1GDoQlwWLnWfk44R-C2lJNlC3_VBX9MS0vmQ50sq-jSu1JUeN2VwPgOyqJYwikJ9dJufQ561PMU54aGKiK1wJpJ9c6Pdy7UsABDM317PD0gZJAUkKLIeH56aY8qbZujyzba-md2gMMTk06nKOs7Ig-pbgH76sw"
 -H "App-Id: 8dK0Jf1PCMvx2x_xLyiBkg"
 -H "App-Secret: eLn6kRSE4GIJmEMVvf4LVw"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X PUT "https://priora.saltedge.com/api/v2/sessions/:secret"

Headers

Header Type Description
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "credentials": "oauth"
  },
  "exp": 1566313028,
  "secret": "HDoWiNZfxZ9ww6suWxPB"
}
Parameter Type Description
data hash, required Wrapper for the data.
data.credentials hash, required Wrapper for confirmation code pair.
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange
secret string, required Another session identifier that can be used for session lookup and confirmation.
Can raise: SessionNotFound, SessionClosed, SessionExpired

Response

Example of response

{
  "data": {
    "id": 859,
    "secret": "VvVK8r8shxCtyRyx68Fm",
    "status": "fetched_accounts",
    "extra": {
      "scopes": [
        "accounts",
        "transactions",
        "kyc",
        "payments",
        "funds_availability"
      ]
    },
    "token": {
      "access_token": "giZ59a8XJQ_w2ZQPc6BE",
      "refresh_token": "XxW-UBgNdzJQFpTQArf-",
      "expires_at": "2019-08-20T14:55:08.934Z"
    },
    "fail_at": "2019-08-20T14:55:08.934Z",
    "success_at": "2019-08-20T14:55:08.934Z",
    "created_at": "2019-08-20T14:55:08.934Z",
    "updated_at": "2019-08-20T14:55:08.934Z",
    "events": [
      {
      }
    ],
    "authorization_details": {
    },
    "customer_id": 845,
    "provider_code": "demobank"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.authorization_details hash, optional Data which was used for authorization.
data.created_at datetime, required Datetime of session creation.
data.customer_id integer, optional Salt Edge PSD2 Compliance customer id.
data.events array, required Session progress events.
data.extra hash, required Extra details that should be persisted into session.
data.extra.scopes array, optional Set of permissions for access token.
Allowed values: accounts, transactions, kyc, payments, funds_availability
data.fail_at datetime, optional Datetime of session failure.
data.id integer, required Session id.
data.provider_code string, required Human readable Provider identifier.
data.secret string, required Another session identifier that can be used for session lookup and confirmation.
data.status string, required Conveys current status of the operation.
Allowed values: processing, redirect, waiting_confirmation, waiting_confirmation_code, closed, fetched_kyc, fetched_accounts, fetched_transactions
data.success_at datetime, optional Datetime of session successful closure.
data.token hash, optional Access token that will be used to access ASPSP data.
data.token.access_token string, required A unique string which grants access to TPP to perform actions for PSU.
data.token.expires_at datetime, required Datetime of token expiration.
data.token.refresh_token string, required Token which can be used to refresh an expired access token.
data.updated_at datetime, required Datetime of last session updation.
Class Code Description
ValueOutOfRange 400 ValueOutOfRange
SessionNotFound 404 Session specified in request does not exist or cannot be retrieved.
SessionClosed 400 Session specified in request has been already closed and cannot be modified.
SessionExpired 401 Found session has been expired and cannot be processed anymore.
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound

Sessions Destroy

Cancel session.

Request

GEThttps://priora.saltedge.com/api/v2/sessions/:secret

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTY2MzEzMDI4fQ.q6qV8UzTthujU5a1AHSIGZDaLunj8jQ4F0V1AbpTUVKhFWU4NOn6PVoCe6aPw-W9pN1sRYAfZWGAYHY5HXVv1kxd9Y5mczNh4t-gYKb1Z2yr0qNaVJWaBabhNChtqcV2RfL8vIau1nv2uGETQCAevfeWx81bHPeVOjIVqGoGwRW5jgw-CC0AQzG2NRUc32CyM1OdL7JZ6IG6mpmMnxT4a7Q9wso7gC6v79HKb2Oe-f4FK-RanmwUay3pAmexMghZbtDMjB8qGSWlXloJyBXyObtr2EpFqWWDFabBhxnz18Vs2a2KvaXMzyhs-Q-trXOt5B8fceSLsIzzfSLllI7pnA"
 -H "App-Id: fDAte5b8YI2j2aXXHi9CXw"
 -H "App-Secret: OXmN-rXMZrXoYttGCbnGjQ"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/sessions/:secret"

Headers

Header Type Description
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1566313028,
  "secret": "mv7VnxuWLueGNdRwwpkV"
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange
secret string, required Session secret.
Can raise: SessionNotFound, SessionClosed, SessionExpired

Response

Example of response

{
  "data": {
    "session_secret": "5qJssHyVnnNBaPoJ-ey4"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.session_secret string, required Session identifier on Salt Edge PSD2 Compliance.
Class Code Description
ValueOutOfRange 400 ValueOutOfRange
SessionNotFound 404 Session specified in request does not exist or cannot be retrieved.
SessionClosed 400 Session specified in request has been already closed and cannot be modified.
SessionExpired 401 Found session has been expired and cannot be processed anymore.
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound

Session Extra

Attribute Type Description
scopes array of strings, optional Token scopes.
device_info object, optional Contains mobile platform and push_token.
public_key string, optional RSA public key.
return_to string, optional URL for redirection after authentication process is carried out.
funds_available boolean, optional Whether funds are available or not

Session Actions

Each and every session has an action associated to it that represents session’s purpose.

Action Purpose
check_funds Process of checking for coverage of a payment by Customer’s account.
create_token Creation of a token with the purpose of granting access to bank data for client applications.
refresh_token Refreshing of an expired access token.
revoke_token Revocation of an access token.
refresh_accounts Instruction for Priora to refresh data obtained from the bank.
create_payment Initiation of a payment.

Session Statuses

The current stage of a session lifecycle is represented in status field. The status of a session can be one of the following:

Name Description
processing Priora is processing the request or response.
redirect Provider requires a redirect for authentication.
waiting_confirmation Provider is waiting for the consent of Customer.
waiting_confirmation_code Provider is waiting for a confirmation code, be it OTP for authentication or Dynamic linking for performing a payment.
closed Session is closed.
fetched_kyc Priora has received the information about Customer.
fetched_accounts Priora has received the accounts of Customer.
fetched_transactions Priora has received the transactions or Customer.

Tokens

Create token via client application

Initiate a linking process for a provider. The client application has to handle all the authentication UI in this flow (see Provider authorization_types). During the lifecycle, events will be added to the session which will send callbacks to your application.

Tokens Remote

To be described…

Request

POSThttps://priora.saltedge.com/api/v2/tokens/remote

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InByb3ZpZGVyX2NvZGUiOiJkZW1vYmFuayIsInNjb3BlcyI6WyJhY2NvdW50cyIsInRyYW5zYWN0aW9ucyIsImt5YyIsInBheW1lbnRzIiwiZnVuZHNfYXZhaWxhYmlsaXR5Il0sImNvbnNlbnRfcGVyaW9kX2RheXMiOjkwLCJjcmVkZW50aWFscyI6eyJhdXRob3JpemF0aW9uX3R5cGUiOiJvYXV0aCJ9LCJyZWRpcmVjdF91cmwiOiJodHRwczovL3VzZXIud2lsbC5iZS9yZWRpcmVjdGVkL2hlcmUiLCJmb3JjZV9zY2EiOmZhbHNlfSwiZXhwIjoxNTY2MzEzMDI4fQ.RenOwtsDkZZC21DT2RTBiNRp3_jyW0ZvxMNSnm6gdk4MD7MmuMUyMwakgtFaARkrcz4hZAodl-3m-qz_E2c4tS3JPVN2leojF4bcnAl11ph0sG7bU66TCkvSMXi-UFpUIczJbVS5B2M-tAWqFuU7DMJ8M7zKQEvNlkvWOrBw2g1WFMacW3rcWKihkY1iXr07AVM1xr4HqVAuMRIx6IsNbPacIJrYGdWM3eCIrUWJSukjoxSyEs2X_BToCTiIVpmtxLDn6Wt6csgHwS30tzX1M9hFGbbdUWM8p7PlLJ_HB21rfNkMhXkF5ny_Vv40FrRftdBnQ-_mqICnJVIRD59K_g"
 -H "App-Id: fdHtQPiuOTc2T8sLhkKnaw"
 -H "App-Secret: 5XovvjGNmGL3nNi4nEDqRg"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X POST "https://priora.saltedge.com/api/v2/tokens/remote"

Headers

Header Type Description
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "provider_code": "demobank",
    "scopes": [
      "accounts",
      "transactions",
      "kyc",
      "payments",
      "funds_availability"
    ],
    "consent_period_days": 90,
    "credentials": {
      "authorization_type": "oauth"
    },
    "redirect_url": "https://user.will.be/redirected/here",
    "force_sca": false
  },
  "exp": 1566313028
}
Parameter Type Description
data hash, required Wrapper for the data.
data.consent_period_days integer, required Customer’s consent expiration in days.
Default value: 90
data.credentials hash, required Wrapper for required first step credentials.
Can raise: ScopesInvalid, AuthorizationTypeNotFound, WrongRequiredFields
data.credentials.authorization_type string, required Specifies authorization type that was used for token creation.
data.force_sca boolean, optional Whether to disregard exemptions and force SCA as a required step to process the payment.
data.provider_code string, required Human readable Provider identifier.
Can raise: ProviderNotFound, AccessDenied
data.redirect_url string, optional The URL that the customer will be redirected to after he has finished the authentication process on provider’s side. (required for authorization_type = oauth).
data.scopes array, required Set of permissions for access token.
Allowed values: accounts, transactions, kyc, payments, funds_availabilityCan raise: ScopesInvalid
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "session_secret": "6B7wqfzxfewWwgQGDzaR"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.session_secret string, required Session identifier on Salt Edge PSD2 Compliance.
Can raise: SessionNotFound
Class Code Description
ProviderNotFound 404 ProviderNotFound
AccessDenied 401 Action you want to perform is not allowed. More in error_message
ScopesInvalid 400 ScopesInvalid
AuthorizationTypeNotFound 401 AuthorizationTypeNotFound
WrongRequiredFields 401 WrongRequiredFields
ValueOutOfRange 400 ValueOutOfRange
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound

Tokens Reconnect

This endpoint allows TPP to refresh current Access-Token. The behavior can be the following: ASPSP can just return a new token, ask for MFA or ask for reconnection. In any of the cases above TPP will receive a session callback and the following behavior will be stored in the session object.

Request

POSThttps://priora.saltedge.com/api/v2/tokens/reconnect

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNvbnNlbnRfYXBwcm92ZWQiOnRydWV9LCJleHAiOjE1NjYzMTMwMjh9.gGQOhR8onPjjlUI9NigfYOwaDAuAKEv7xLaWMXFQYClImSc8X27hENaDcTigUrONkMHDnqDQ5-dpj-wffOcfb2DLkJorXulamUuje-qR6soJVemmCcjhooeKxHeWmfgV4PdK-5ctJk3yUgS_86A6uWv86v_fGsQ76FXWo8vAPw9m444RNCmvqN6Xh6pEJN0IgIdFqKXDOi34AojVE8gJzOOMf8VEf8k50eD9GjeYcUPJGyvgZmN0VKOzfTVhB1ge5rtWIiiADTS3e_e35xwQfamaP4GIRReZ7p5tdz8VwzeZlEUnRysQyt9SSorXp55bmmll33qdSvdaCX2ZjIJN7Q"
 -H "App-Id: hGbhiMI37nwL-oqc-8MwfA"
 -H "App-Secret: axf205QSm7CY9UHILjJ9xw"
 -H "Access-Token: 6d6015872718dc1f361f48b3cf05171d6b1446e4d9f3d290a01c274b06d3a1b8c356324a495d6f87923fe5a1c6928256c920dbd808e69d4e02c304ae3d8e511c"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X POST "https://priora.saltedge.com/api/v2/tokens/reconnect"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
    "consent_approved": true
  }
}
Parameter Type Description
data hash, required Wrapper for the data.
data.consent_approved boolean, required A flag which determines whether a PSU approved reconnection process or not.
Allowed values: true

Response

Example of response

{
  "data": {
    "session_secret": "jrBtgrje_C3K95T2s6yE"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.session_secret string, required Session identifier on Salt Edge PSD2 Compliance.
Class Code Description
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound
TokenMissing 400 This request cannot be performed without TOKEN header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Tokens Refresh

Refresh an access token that has expired.

Request

POSThttps://priora.saltedge.com/api/v2/tokens/refresh

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTY2MzEzMDI4fQ.q6qV8UzTthujU5a1AHSIGZDaLunj8jQ4F0V1AbpTUVKhFWU4NOn6PVoCe6aPw-W9pN1sRYAfZWGAYHY5HXVv1kxd9Y5mczNh4t-gYKb1Z2yr0qNaVJWaBabhNChtqcV2RfL8vIau1nv2uGETQCAevfeWx81bHPeVOjIVqGoGwRW5jgw-CC0AQzG2NRUc32CyM1OdL7JZ6IG6mpmMnxT4a7Q9wso7gC6v79HKb2Oe-f4FK-RanmwUay3pAmexMghZbtDMjB8qGSWlXloJyBXyObtr2EpFqWWDFabBhxnz18Vs2a2KvaXMzyhs-Q-trXOt5B8fceSLsIzzfSLllI7pnA"
 -H "App-Id: hsHVKHjJRAUtwFlB0eMZ4A"
 -H "App-Secret: mxYoS-c5O1uGVNuWHZ86Pg"
 -H "Client-Request-Id: example_Client-Request-Id"
 -H "Refresh-Token: example_Refresh-Token"
 -X POST "https://priora.saltedge.com/api/v2/tokens/refresh"

Headers

Header Type Description
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Refresh-Token string, required Token issued to refresh expired Access Token.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1566313028
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "refreshed": false,
    "access_token": "HZyiqFjJZfK9vsJoQbFo",
    "expires_at": "2019-08-20T14:55:08.759Z"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.access_token string, required A unique string which grants access to TPP to perform actions for PSU.
data.expires_at datetime, required When does new access token expire.
data.refreshed boolean, required Whether token was refreshed or not.
Allowed values: true, false
Class Code Description
ValueOutOfRange 400 ValueOutOfRange
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound
TokenMissing 400 This request cannot be performed without TOKEN header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Tokens Revoke

To be described…

Request

DELETEhttps://priora.saltedge.com/api/v2/tokens

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTY2MzEzMDI4fQ.q6qV8UzTthujU5a1AHSIGZDaLunj8jQ4F0V1AbpTUVKhFWU4NOn6PVoCe6aPw-W9pN1sRYAfZWGAYHY5HXVv1kxd9Y5mczNh4t-gYKb1Z2yr0qNaVJWaBabhNChtqcV2RfL8vIau1nv2uGETQCAevfeWx81bHPeVOjIVqGoGwRW5jgw-CC0AQzG2NRUc32CyM1OdL7JZ6IG6mpmMnxT4a7Q9wso7gC6v79HKb2Oe-f4FK-RanmwUay3pAmexMghZbtDMjB8qGSWlXloJyBXyObtr2EpFqWWDFabBhxnz18Vs2a2KvaXMzyhs-Q-trXOt5B8fceSLsIzzfSLllI7pnA"
 -H "App-Id: KiHzmZ_PNniuigRBn2Ti9g"
 -H "App-Secret: vAPw4xHmM-dbHaVn0yiNpw"
 -H "Access-Token: 30b6eaf0e5b84e8921172e25a796039c65d0eef47ad7da38b925a5e02741efa08353c6fa5bfc3ec25aef06923d7946df6b81e1ca424fbbdb78096583b23c06bb"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X DELETE "https://priora.saltedge.com/api/v2/tokens"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1566313028
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "revoked": false,
    "access_token": "7QiqRqu7aHFX9BvFv5rS"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.access_token string, required Token which was revoked or not.
data.revoked boolean, required Whether token was revoked or not.
Allowed values: true, false
Class Code Description
ValueOutOfRange 400 ValueOutOfRange
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound
TokenMissing 400 This request cannot be performed without TOKEN header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Tokens Show

Return current state of a token.

Request

GEThttps://priora.saltedge.com/api/v2/tokens

CURL

curl -i
 -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNTY2MzEzMDI4fQ.q6qV8UzTthujU5a1AHSIGZDaLunj8jQ4F0V1AbpTUVKhFWU4NOn6PVoCe6aPw-W9pN1sRYAfZWGAYHY5HXVv1kxd9Y5mczNh4t-gYKb1Z2yr0qNaVJWaBabhNChtqcV2RfL8vIau1nv2uGETQCAevfeWx81bHPeVOjIVqGoGwRW5jgw-CC0AQzG2NRUc32CyM1OdL7JZ6IG6mpmMnxT4a7Q9wso7gC6v79HKb2Oe-f4FK-RanmwUay3pAmexMghZbtDMjB8qGSWlXloJyBXyObtr2EpFqWWDFabBhxnz18Vs2a2KvaXMzyhs-Q-trXOt5B8fceSLsIzzfSLllI7pnA"
 -H "App-Id: qdeGuGQRAvOTHBuOZBB2Xg"
 -H "App-Secret: mbo0Yjnxg22aLhxlfmtwYw"
 -H "Access-Token: 52af71e8d4f1b9f1911111bc2d6f90526a208c22730741154089c662213294ee7283431f82d1d371aeaaf58e29ab248952bb5f579f24a5409e919b53a6d9ab73"
 -H "Client-Request-Id: example_Client-Request-Id"
 -X GET "https://priora.saltedge.com/api/v2/tokens"

Headers

Header Type Description
Access-Token string, required Token for which we are requesting info.
Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
App-Id string, required Application’s app_id from connection details tab.
Can raise: OauthAppNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Can raise: OauthAppNotFound
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise: AuthorizationMissing
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.

Unpacked Authorization

Example of unpacked Authorization header

{
  "data": {
  },
  "exp": 1566313028
}
Parameter Type Description
data hash, required Wrapper for the data.
exp integer, required The lifetime of the request in timestamp utc format.
Values greater than: Current time.Can raise: ValueOutOfRange

Response

Example of response

{
  "data": {
    "scopes": [
      "accounts",
      "transactions",
      "kyc",
      "payments",
      "funds_availability"
    ],
    "refresh_token": "2A-4KMEgKxnaW_MfAAYh",
    "access_token_expires_at": "2019-08-20T14:55:08.672Z"
  }
}
Response Type Description
data hash, required Wrapper for the data.
data.access_token_expires_at datetime, required When does access token expire.0
data.refresh_token string, required Token which can be used to refresh an expired access token.
data.scopes array, required Set of permissions for access token.
Allowed values: accounts, transactions, kyc, payments, funds_availability
Class Code Description
ValueOutOfRange 400 ValueOutOfRange
AuthorizationMissing 400 AuthorizationMissing
OauthAppNotFound 404 OauthAppNotFound
TokenMissing 400 This request cannot be performed without TOKEN header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.

Sandboxes

Spain

MySodexo Sandbox

Usage

To connect to MySodexo Sandbox, please use provider code mysodexo_es_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Email address (Email) mysodexo_es_xf@gmail.com
Password (Сontraseña) passw0rd

France

LCL Prépayé Enterprise Sandbox

Usage

To connect to LCL Prépayé Enterprise Sandbox, please use provider code lcl_prepaye_enterprise_fr_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Identifier (Identifiant) 1223334444
Personal code (Code personnel) 123456

United Kingdom

AEG Sandbox

Usage

To connect to AEG Sandbox, please use provider code aeg_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code aeg_gb_xf_user
Password/code passw0rd

Allianz Sandbox

Usage

To connect to Allianz Sandbox, please use provider code allianz_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code allianz_gb_xf_user
Password/code passw0rd

Allsave Sandbox

Usage

To connect to Allsave Sandbox, please use provider code allsave_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code allsave_gb_xf_user
Password/code passw0rd

Bank of East Asia UK Sandbox

Usage

To connect to Bank of East Asia UK Sandbox, please use provider code bank_of_east_asia_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Cyberbanking No. 12345678901
PIN 12345678912345
OTP 123456

BENEFEX Sandbox

Usage

To connect to BENEFEX Sandbox, please use provider code benefex_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code benefex_gb_xf_user
Password/code passw0rd

BMW UK Ltd Sandbox

Usage

To connect to BMW UK Ltd Sandbox, please use provider code bmwuk_ltd_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code bmwuk_ltd_gb_xf_user
Password/code passw0rd

Bournemouth University Sandbox

Usage

To connect to Bournemouth University Sandbox, please use provider code bournemouth_university_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code bournemouth_university_gb_xf_user
Password/code passw0rd

Brinc (Health Service Discounts) Sandbox

Usage

To connect to Brinc (Health Service Discounts) Sandbox, please use provider code brinc_health_service_discounts_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code brinc_health_service_discounts_gb_xf_user
Password/code passw0rd

Byblos Bank Europe Sandbox

Usage

To connect to Byblos Bank Europe Sandbox, please use provider code byblos_bank_europe_be_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Username byblosuser
Password passw0rd
Token 123456
OTP 1111

Direct Line Group Sandbox

Usage

To connect to Direct Line Group Sandbox, please use provider code direct_line_group_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code direct_line_group_gb_xf_user
Password/code passw0rd

Drax Power Ltd Sandbox

Usage

To connect to Drax Power Ltd Sandbox, please use provider code drax_power_ltd_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code drax_power_ltd_gb_xf_user
Password/code passw0rd

E-Spree Sandbox

Usage

To connect to E-Spree Sandbox, please use provider code e_spree_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code e_spree_gb_xf_user
Password/code passw0rd

Exeter University Sandbox

Usage

To connect to Exeter University Sandbox, please use provider code exeter_university_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code exeter_university_gb_xf_user
Password/code passw0rd

1st Option Consulting Ltd Sandbox

Usage

To connect to 1st Option Consulting Ltd Sandbox, please use provider code first_option_consulting_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code first_option_consulting_gb_xf_user
Password/code passw0rd

Fuel Gift Card Sandbox

Usage

To connect to Fuel Gift Card Sandbox, please use provider code fuel_gift_card_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code fuel_gift_card_gb_xf_user
Password/code passw0rd

Fujifilm Sandbox

Usage

To connect to Fujifilm Sandbox, please use provider code fujifilm_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code fujifilm_gb_xf_user
Password/code passw0rd

Generic Spree Sandbox

Usage

To connect to Generic Spree Sandbox, please use provider code generic_spree_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code generic_spree_gb_xf_user
Password/code passw0rd

Geopost Sandbox

Usage

To connect to Geopost Sandbox, please use provider code geopost_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code geopost_gb_xf_user
Password/code passw0rd

Getronics Sandbox

Usage

To connect to Getronics Sandbox, please use provider code getronics_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code getronics_gb_xf_user
Password/code passw0rd

Giant Group Sandbox

Usage

To connect to Giant Group Sandbox, please use provider code giant_group_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code giant_group_gb_xf_user
Password/code passw0rd

Glory Dale Sandbox

Usage

To connect to Glory Dale Sandbox, please use provider code glory_dale_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code glory_dale_gb_xf_user
Password/code passw0rd

GMAC Sandbox

Usage

To connect to GMAC Sandbox, please use provider code gmac_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code gmac_gb_xf_user
Password/code passw0rd

Group Schemes Sandbox

Usage

To connect to Group Schemes Sandbox, please use provider code group_schemes_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code group_schemes_gb_xf_user
Password/code passw0rd

Guaranty Trust Bank UK Sandbox

Usage

To connect to Guaranty Trust Bank UK Sandbox, please use provider code gt_bank_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User ID gt_bank_gb_xf
Secret question answer hunter2
Login code 123456
Payee Code secret

Hays Recruitment Sandbox

Usage

To connect to Hays Recruitment Sandbox, please use provider code hays_recruitment_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code hays_recruitment_gb_xf_user
Password/code passw0rd

Healthineers Sandbox

Usage

To connect to Healthineers Sandbox, please use provider code healthineers_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code healthineers_gb_xf_user
Password/code passw0rd

HP Sandbox

Usage

To connect to HP Sandbox, please use provider code hp_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code hp_gb_xf_user
Password/code passw0rd

In2 Resourcing Sandbox

Usage

To connect to In2 Resourcing Sandbox, please use provider code in2_resourcing_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code in2_resourcing_gb_xf_user
Password/code passw0rd

IQSA Services LTD Sandbox

Usage

To connect to IQSA Services LTD Sandbox, please use provider code iqsa_services_ltd_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code iqsa_services_ltd_gb_xf_user
Password/code passw0rd

Iron Mountain Sandbox

Usage

To connect to Iron Mountain Sandbox, please use provider code iron_mountain_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code iron_mountain_gb_xf_user
Password/code passw0rd

JCB Sandbox

Usage

To connect to JCB Sandbox, please use provider code jcb_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code jcb_gb_xf_user
Password/code passw0rd

Kering (Gucci Group Services) Sandbox

Usage

To connect to Kering (Gucci Group Services) Sandbox, please use provider code kering_gucci_group_services_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code kering_gucci_group_services_gb_xf_user
Password/code passw0rd

LBI (Digitas) Sandbox

Usage

To connect to LBI (Digitas) Sandbox, please use provider code lbi_digitas_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code lbi_digitas_gb_xf_user
Password/code passw0rd

Lifestyle Sandbox

Usage

To connect to Lifestyle Sandbox, please use provider code lifestyle_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code lifestyle_gb_xf_user
Password/code passw0rd

Lincoln Uni Sandbox

Usage

To connect to Lincoln Uni Sandbox, please use provider code lincoln_uni_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code lincoln_uni_gb_xf_user
Password/code passw0rd

Monclear Sandbox

Usage

To connect to Monclear Sandbox, please use provider code monclear_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code monclear_gb_xf_user
Password/code passw0rd

Motivcom Sandbox

Usage

To connect to Motivcom Sandbox, please use provider code motivcom_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code motivcom_gb_xf_user
Password/code passw0rd

My Spree Sandbox

Usage

To connect to My Spree Sandbox, please use provider code my_spree_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code my_spree_gb_xf_user
Password/code passw0rd

Nasa Consulting Sandbox

Usage

To connect to Nasa Consulting Sandbox, please use provider code nasa_consulting_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code nasa_consulting_gb_xf_user
Password/code passw0rd

Online Tax Rebates Sandbox

Usage

To connect to Online Tax Rebates Sandbox, please use provider code online_tax_rebates_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code online_tax_rebates_gb_xf_user
Password/code passw0rd

Parasol Group Sandbox

Usage

To connect to Parasol Group Sandbox, please use provider code parasol_group_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code parasol_group_gb_xf_user
Password/code passw0rd

Paystream Sandbox

Usage

To connect to Paystream Sandbox, please use provider code paystream_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code paystream_gb_xf_user
Password/code passw0rd

Premier Foods Sandbox

Usage

To connect to Premier Foods Sandbox, please use provider code premier_foods_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code premier_foods_gb_xf_user
Password/code passw0rd

PSCashback Sandbox

Usage

To connect to PSCashback Sandbox, please use provider code ps_cashback_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code ps_cashback_gb_xf_user
Password/code passw0rd

PSDiscounts Sandbox

Usage

To connect to PSDiscounts Sandbox, please use provider code ps_discounts_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code ps_discounts_gb_xf_user
Password/code passw0rd

PSL Sandbox

Usage

To connect to PSL Sandbox, please use provider code psl_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code psl_gb_xf_user
Password/code passw0rd

Red Contractors Sandbox

Usage

To connect to Red Contractors Sandbox, please use provider code red_contractors_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code red_contractors_gb_xf_user
Password/code passw0rd

Royal Sun Alliance Sandbox

Usage

To connect to Royal Sun Alliance Sandbox, please use provider code royal_sun_alliance_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code royal_sun_alliance_gb_xf_user
Password/code passw0rd

SAP Sandbox

Usage

To connect to SAP Sandbox, please use provider code sap_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code sap_gb_xf_user
Password/code passw0rd

Say Reward Sandbox

Usage

To connect to Say Reward Sandbox, please use provider code say_reward_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code say_reward_gb_xf_user
Password/code passw0rd

Seat UK Sandbox

Usage

To connect to Seat UK Sandbox, please use provider code seat_uk_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code seat_uk_gb_xf_user
Password/code passw0rd

Sharp Sandbox

Usage

To connect to Sharp Sandbox, please use provider code sharp_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code sharp_gb_xf_user
Password/code passw0rd

Siemens PLC Sandbox

Usage

To connect to Siemens PLC Sandbox, please use provider code siemens_plc_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code siemens_plc_gb_xf_user
Password/code passw0rd

Simply Spree Sandbox

Usage

To connect to Simply Spree Sandbox, please use provider code simply_spree_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code simply_spree_gb_xf_user
Password/code passw0rd

Skybox Sandbox

Usage

To connect to Skybox Sandbox, please use provider code skybox_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code skybox_gb_xf_user
Password/code passw0rd

Sodexo Onsite Services Sandbox

Usage

To connect to Sodexo Onsite Services Sandbox, please use provider code sodexo_onsite_services_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code sodexo_onsite_services_gb_xf_user
Password/code passw0rd

Stewart Milne Sandbox

Usage

To connect to Stewart Milne Sandbox, please use provider code stewart_milne_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code stewart_milne_gb_xf_user
Password/code passw0rd

Team Rewards Sandbox

Usage

To connect to Team Rewards Sandbox, please use provider code team_rewards_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code team_rewards_gb_xf_user
Password/code passw0rd

Tilney Sandbox

Usage

To connect to Tilney Sandbox, please use provider code tilney_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code tilney_gb_xf_user
Password/code passw0rd

TUI (NEW DAY) Sandbox

Usage

To connect to TUI (NEW DAY) Sandbox, please use provider code tuinewday_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code tuinewday_gb_xf_user
Password/code passw0rd

UIB Sandbox

Usage

To connect to UIB Sandbox, please use provider code uib_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code uib_gb_xf_user
Password/code passw0rd

Utility Warehouse UK Sandbox

Usage

To connect to Utility Warehouse UK Sandbox, please use provider code utility_warehouse_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Member No./ username 7989366
Password passw0rdpassw0rdpass

Volvo Sandbox

Usage

To connect to Volvo Sandbox, please use provider code volvo_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code volvo_gb_xf_user
Password/code passw0rd

XPO HOLDINGS Sandbox

Usage

To connect to XPO HOLDINGS Sandbox, please use provider code xpoholdings_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code xpoholdings_gb_xf_user
Password/code passw0rd

Zurich Sandbox

Usage

To connect to Zurich Sandbox, please use provider code zurich_gb_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
User name/code zurich_gb_xf_user
Password/code passw0rd

Sweden

Lunchkultur Sandbox

Usage

To connect to Lunchkultur Sandbox, please use provider code lunchkultur_se_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
National ID Number, “YYMMDDNNNN” 1223334444

Switzerland

Habib Bank Sandbox

Usage

To connect to Habib Bank Sandbox, please use provider code habib_bank_ch_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Logninname habibuser
Password Passw0rd
Token 123456
OTP 123456

Belgium

Byblos BE Sandbox

Usage

To connect to Byblos UK Sandbox, please use provider code byblos_bank_europe_be_xf when connecting. This Sandbox supports only oauth authorization method.

Test credentials

Field name Valid value
Username byblosuser
Password passw0rd
Token 123456
OTP 1111