Connector Endpoints

Consents

These endpoints are responsible for managing of funds-confirmation-consent resources.

Create

Create a funds confirmation consent.

CURL

curl -i \ -H "Authorization: example_Authorization" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Client-Id: 123" \ -X POST "https://your.connector.url/api/priora/ob/v1/funds_check_consents"

curl -i  \ 
 -H "Authorization: example_Authorization" \ 
 -H "Accept: application/json" \ 
 -H "Content-Type: application/json" \ 
 -H "Client-Id: 123" \ 
 -X POST "https://your.connector.url/api/priora/ob/v1/funds_check_consents"

Example of request parameters

{"data":{"provider_code":"demobank","app_name":"AppName","tpp_global_urn":"PSDNL-FCA-034681","consent_id":151,"status":"AwaitingAuthorisation","expiration_date_time":"2017-06-05T15:15:13+00:00","debtor_account":{"scheme_name":"UK.OBIE.SortCodeAccountNumber","identification":"08080021325698","name":"ACME Inc","secondary_identification":"0002"}},"exp":1234567}

Request

POST https://your.connector.url/api/priora/ob/v1/funds_check_consents

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`.
`Accept`	string, required	Media type that is acceptable for the response. Allowed values: application/json
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/json
`Client-Id`	integer, required	Client application identifier in Salt Edge PSD2 Compliance. Should be used to get public key for Authorization header validation.
`Consent-Id`	integer, optional	ID of the corresponding consent object as returned by an Account Information Consent Request.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

provider_code

string, required

Human readable Provider identifier. Can raise: FieldInvalid

app_name

string, required

TPP application name. Can raise: FieldInvalid

tpp_global_urn

string, required

The Global Unique Reference Number (GURN) is the national number issued by a National Competent Authority (NCA) to uniquely identify an account-servicing payment service provider (ASPSP), a third-party provider (TPP) or any other regulated entity. Can raise: FieldInvalid

consent_id

integer, required

The consent identifier assigned to the created resource.

status

string, required

Specifies the status of account resource in code form. Can raise: FieldInvalid

expiration_date_time

datetime, optional

Specified date and time the consent will expire.

debtor_account

hash, optional

Unambiguous identification of the account.

scheme_name

string, required

Name of the identification scheme, in a coded form as published in an external list. Can raise: FieldInvalid

identification

string, required

Identification assigned by an institution to identify an account. This identification is known by the account owner. Can raise: FieldInvalid

name

string, optional

Name of the account, as assigned by the account servicing institution. Can raise: FieldInvalid

secondary_identification

string, optional

This is secondary identification of the account, as assigned by the account servicing institution. Can raise: FieldInvalid

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response headers

Header	Type	Description
`Retry-After`	integer, optional	Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.

Response

Upon successful request, 200 status code should be returned.

Related Errors

Class	Code	Description
FieldInvalid	400	An invalid value is supplied in the field. More details in `error_message`.

Revoke

Revoke a funds confirmation consent.

CURL

curl -i \ -H "Authorization: Bearer authorization" \ -H "Access-Token: aXMgZmFpbHVyZSB0byBjb21tdW5pY2F0ZQ0K" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Client-Id: 123" \ -X PATCH "https://your.connector.url/api/priora/ob/v1/funds_check_consents/:consent_id/revoke"

curl -i  \ 
 -H "Authorization: Bearer authorization" \ 
 -H "Access-Token: aXMgZmFpbHVyZSB0byBjb21tdW5pY2F0ZQ0K" \ 
 -H "Accept: application/json" \ 
 -H "Content-Type: application/json" \ 
 -H "Client-Id: 123" \ 
 -X PATCH "https://your.connector.url/api/priora/ob/v1/funds_check_consents/:consent_id/revoke"

Example of request parameters

{"data":{"provider_code":"demobank","consent_id":9192090},"exp":123456}

Request

PATCH https://your.connector.url/api/priora/ob/v1/funds_check_consents/:consent_id/revoke

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`.
`Access-Token`	string, required	The token which is created by a connector as a result of successful authentication.
`Accept`	string, required	Media type that is acceptable for the response. Allowed values: application/json
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/json
`Client-Id`	integer, required	Client application identifier in Salt Edge PSD2 Compliance. Should be used to get public key for Authorization header validation.
`Consent-Id`	integer, optional	ID of the corresponding consent object as returned by an Account Information Consent Request.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

consent_id (path)

integer, required

The consent identifier assigned to the created resource.

provider_code

string, required

Human readable Provider identifier. Can raise: FieldInvalid

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response headers

Header	Type	Description
`Retry-After`	integer, optional	Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.

Response

Upon successful request, 200 status code should be returned.

Related Errors

Class	Code	Description
FieldInvalid	400	An invalid value is supplied in the field. More details in `error_message`.

Funds Confirmation

These endpoints are responsible for managing of funds-confirmation-consent resources.

Get

Request a funds confirmation resource/information.

CURL

curl -i \ -H "Authorization: Authorization" \ -H "Access-Token: Access-Token" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Client-Id: 123" \ -X GET "https://your.connector.url/api/priora/ob/v1/funds_check"

curl -i  \ 
 -H "Authorization: Authorization" \ 
 -H "Access-Token: Access-Token" \ 
 -H "Accept: application/json" \ 
 -H "Content-Type: application/json" \ 
 -H "Client-Id: 123" \ 
 -X GET "https://your.connector.url/api/priora/ob/v1/funds_check"

Example of request parameters

{"data":{"provider_code":"demobank","app_name":"Fentury","reference":"Some ref","instructed_amount":{"amount":"115.3","currency":"GBP"}},"exp":1234567}

Example of response

{"data":{"funds_confirmation_id":"funds_confirmation_resource_id","funds_confirmation_created_at":"2022-01-02T03:04:05+00:00","funds_available":true}}

Request

GET https://your.connector.url/api/priora/ob/v1/funds_check

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`.
`Access-Token`	string, required	The token which is created by a connector as a result of successful authentication.
`Accept`	string, required	Media type that is acceptable for the response. Allowed values: application/json
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/json
`Client-Id`	integer, required	Client application identifier in Salt Edge PSD2 Compliance. Should be used to get public key for Authorization header validation.
`Consent-Id`	integer, optional	ID of the corresponding consent object as returned by an Account Information Consent Request.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

provider_code

string, required

Human readable Provider identifier. Can raise: FieldInvalid

app_name

string, required

TPP application name. Can raise: FieldInvalid

reference

string, required

Unique reference, as assigned by the TPP, to unambiguously refer to the request related to the funds confirmation request. Can raise: FieldInvalid

instructed_amount

hash, required

Wrapper for amount and currency.

amount

string, required

Requested amount to be confirmed. Can raise: FieldInvalid

currency

string, required

Identification of the currency in which the account is held. Usage: Currency should only be used in case one and the same account number covers several currencies and the initiating party needs to identify which currency needs to be used for settlement on the account. Can raise: FieldInvalid, UnsupportedCurrency

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response headers

Header	Type	Description
`Retry-After`	integer, optional	Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.

Response

Upon successful request, 200 status code should be returned.

data

hash, required

Wrapper for the data.

funds_confirmation_id

string, required

Unique identification as assigned by the ASPSP to uniquely identify the funds confirmation resource.

funds_confirmation_created_at

datetime, required

Date and time at which the funds confirmation resource was created.

funds_available

boolean, required

Response whether account has sufficient funds of not.

Related Errors

Class	Code	Description
FieldInvalid	400	An invalid value is supplied in the field. More details in `error_message`.
UnsupportedCurrency	400	The currency is not supported.

Errors

Create

This endpoint is responsible for receiving validation errors of responses which Connector sends to Salt Edge PSD2 Compliance Solution.

CURL

curl -i \ -H "Authorization: example_Authorization" \ -H "Access-Token: b2077c5c020a5e262767aac63fdbc75fd64461afc660784fbc3451766f586bb4836e3405007c2caf497a1125ba58fb49be65b3c352285dea68328aded84e2f91" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Client-Id: 685" \ -X POST "https://your.connector.url/api/priora/ob/v1/errors"

curl -i  \ 
 -H "Authorization: example_Authorization" \ 
 -H "Access-Token: b2077c5c020a5e262767aac63fdbc75fd64461afc660784fbc3451766f586bb4836e3405007c2caf497a1125ba58fb49be65b3c352285dea68328aded84e2f91" \ 
 -H "Accept: application/json" \ 
 -H "Content-Type: application/json" \ 
 -H "Client-Id: 685" \ 
 -X POST "https://your.connector.url/api/priora/ob/v1/errors"

Example of request parameters

{"data":{"request":{"method":"delete","url":"https://user.will.be/redirected/here","headers":{}},"error":{"error_message":"something went wrong","error_class":"InternalProviderError"}},"exp":1574093209}

Request

POST https://your.connector.url/api/priora/ob/v1/errors

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`.
`Access-Token`	string, required	The token which is created by a connector as a result of successful authentication.
`Accept`	string, required	Media type that is acceptable for the response. Allowed values: application/json
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/json
`Client-Id`	integer, required	Client application identifier in Salt Edge PSD2 Compliance. Should be used to get public key for Authorization header validation.
`Consent-Id`	integer, optional	ID of the corresponding consent object as returned by an Account Information Consent Request.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

request

hash, required

Wrapper for the following data: url, method, headers.

method

string, required

Original method of the request. Allowed values: get, post, put, delete Can raise: FieldInvalid

url

url, required

Original url of the request. Can raise: FieldInvalid

headers

hash, required

Original headers of the request including Authorization header.

error

hash, required

Wrapper for the following data error_class, error_message.

error_class

string, required

Class of failure. Can raise: FieldInvalid

error_message

string, required

Conveys the reason of failure in human readable text. Can raise: FieldInvalid

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response headers

Header	Type	Description
`Retry-After`	integer, optional	Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.

Response

Upon successful request, 200 status code should be returned.

Related Errors

Class	Code	Description
FieldInvalid	400	An invalid value is supplied in the field. More details in `error_message`.

Salt Edge Endpoints

Authorizations

Create

Send all the received data from TPP to Salt Edge PSD2 Compliance in order to create an authorization attempt and allow Salt Edge PSD2 Compliance to validate all the incoming data.

CURL

curl -i \ -H "App-Id: ds213FtasF23" \ -H "App-Secret: WE21ffgGjgYqwigjhgh&g15f3" \ -H "Content-Type: application/jwt" \ -X POST "/api/connectors/ob/v1/authorizations"

curl -i  \ 
 -H "App-Id: ds213FtasF23" \ 
 -H "App-Secret: WE21ffgGjgYqwigjhgh&g15f3" \ 
 -H "Content-Type: application/jwt" \ 
 -X POST "/api/connectors/ob/v1/authorizations"

Example of request parameters

{"data":{"authorize_url":"https://bank.com?client_id=some_client_id&redirect_uri=https://tpp.com&scope=openid%20accounts&response_type=code&state=weqe","auth_code":"xf7dhf-edfgbDf","auth_code_exp":"2021-01-25T15:03:52.177Z"},"exp":1606298169}

Example of response

{"data":{"redirect_uri":"https://tpp.com?error=access_denied&error_description=User+denied+the+authorization&state=weqe","authorization_id":153,"consent_id":162,"access_token":"cziaTXgBaCYerEHDvWE9"}}

Request

POST /api/connectors/ob/v1/authorizations

Headers

Header	Type	Description
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/jwt, text/plain
`App-Id`	string, required	Provider's `app_id` from connection details tab. Can raise: ProviderNotFound, ProviderDisabled, ConfigurationError
`App-Secret`	string, required	Provider's `app_secret` from connection details tab.

Unpacked Request Body (JWT)

data

hash, required

Wrapper for the data.

authorize_url

string, required

Authorize URL that was sent by TPP. Can raise: FieldInvalid, UnauthorizedClient, InvalidScope, InvalidRequest, RequestFormatInvalid

auth_code

string, required

Authorization code. Allowed length: min: 16 characters Can raise: FieldInvalid

auth_code_exp

datetime, optional

Authorization code expiration datetime. Default value: 5 minutes from now

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.

data

hash, required

Wrapper for the data.

redirect_uri

string, optional

Redirect URI for the PSU. Can raise: FieldInvalid

authorization_id

integer, optional

Authorization id on the Salt Edge PSD2 Compliance side.

consent_id

integer, optional

Associated consent id on the Salt Edge PSD2 Compliance side.

access_token

string, optional

Access token that will be used to access ASPSP data. Token is an unique value which is linked to authenticated user. Can raise: FieldInvalid

Related Errors

Class	Code	Description
FieldInvalid	400	An invalid value is supplied in the field. More details in `error_message`.
InvalidScope	400	TPP has sent wrong scopes.
InvalidRequest	400	Given data is invalid. More in `message`.
RequestFormatInvalid	400	Request format is wrong. Details are stored in `error_message`
ConfigurationError	400	Missing configurations in dashboard.
UnauthorizedClient	401	Wrong `client_id` in `authorize_url.`
ProviderNotFound	404	Provider specified in request does not exist or cannot be retrieved.
ProviderDisabled	406	Cooperation with specified Provider is impossible.

Update

Update the status of just created authorization. Should be invoked after user successful/unsuccessful authentication.

CURL

curl -i \ -H "App-Id: ds213FtasF23" \ -H "App-Secret: WE21ffgGjgYqwigjhgh&g15f3" \ -H "Content-Type: application/jwt" \ -X PUT "/api/connectors/ob/v1/authorizations/:id"

curl -i  \ 
 -H "App-Id: ds213FtasF23" \ 
 -H "App-Secret: WE21ffgGjgYqwigjhgh&g15f3" \ 
 -H "Content-Type: application/jwt" \ 
 -X PUT "/api/connectors/ob/v1/authorizations/:id"

Example of request parameters

Example of response

{"data":{"authorization_id":123,"status":"approved","redirect_uri":"https://tpp.com?code=auth_code&state=weqe&scope=openid%20accounts"}}

Request

PUT /api/connectors/ob/v1/authorizations/:id

Headers

Header	Type	Description
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/jwt, text/plain
`App-Id`	string, required	Provider's `app_id` from connection details tab. Can raise: ProviderNotFound, ProviderDisabled, ConfigurationError
`App-Secret`	string, required	Provider's `app_secret` from connection details tab.

Unpacked Request Body (JWT)

Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.

data

hash, required

Wrapper for the data.

authorization_id

integer, required

Authorization id on the Salt Edge PSD2 Compliance side.

status

string, required

Authorization status. Can raise: FieldInvalid

redirect_uri

string, required

Redirect back URI. Can raise: FieldInvalid

Related Errors

Class	Code	Description
FieldInvalid	400	An invalid value is supplied in the field. More details in `error_message`.
ConfigurationError	400	Missing configurations in dashboard.
NotFound	404	A resource could not be found. More in `error_message`.
ProviderNotFound	404	Provider specified in request does not exist or cannot be retrieved.
ProviderDisabled	406	Cooperation with specified Provider is impossible.

Consents

Revoke

Revoke consents callback needs to be called any time the consent is revoked on the Provider Connector side. E.g. if the PSU revokes consent to data access that AISP is granted with, by using the corresponding functionality is ASPSP's direct interface (web/mobile banking).

CURL

curl -i \ -H "App-Id: ds213FtasF23" \ -H "App-Secret: WE21ffgGjgYqwigjhgh&g15f3" \ -H "Content-Type: application/jwt" \ -X PATCH "/api/connectors/ob/v1/consents/:consent_id/revoke"

curl -i  \ 
 -H "App-Id: ds213FtasF23" \ 
 -H "App-Secret: WE21ffgGjgYqwigjhgh&g15f3" \ 
 -H "Content-Type: application/jwt" \ 
 -X PATCH "/api/connectors/ob/v1/consents/:consent_id/revoke"

Example of request parameters

{"data":{},"exp":1606298169}

Request

PATCH /api/connectors/ob/v1/consents/:consent_id/revoke

Headers

Header	Type	Description
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/jwt, text/plain
`App-Id`	string, required	Provider's `app_id` from connection details tab. Can raise: ProviderNotFound, ProviderDisabled, ConfigurationError
`App-Secret`	string, required	Provider's `app_secret` from connection details tab.

Unpacked Request Body (JWT)

data

hash, required

Wrapper for the data.

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

consent_id (path)

integer, required

The consent identifier assigned to the created resource. Can raise: Unauthorized, ResourceNotFound, ResourceInvalidConsentStatus

Response

Upon successful request, 200 status code with an empty JSON "{}" should be returned.

Related Errors

Class	Code	Description
ResourceNotFound	400	Specified resource doesn't exist.
ResourceInvalidConsentStatus	400	The action can't be performed with current status of consent.
ConfigurationError	400	Missing configurations in dashboard.
Unauthorized	401	Consent is already expired.
ProviderNotFound	404	Provider specified in request does not exist or cannot be retrieved.
ProviderDisabled	406	Cooperation with specified Provider is impossible.