Connector Endpoints

Tokens

These endpoints are responsible for implementing authentication and authorization of PSU. Process of token creation starts once PSU grants his consent to TPP. At the end of authorization, Connector should issue an access_token which can be used for furhter actions. You can find below sequence diagrams represeting embedded and oauth authorization flows.

OAuth Authentication Flow

Embedded Authentication Flow

Create

Create an access token with a set of access rights, named scopes. As a result, Connector should send an update or fail callback to Salt Edge PSD2 Compliance with the result of the operation, be it a success, fail or request for additional steps.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImFwcF9uYW1lIjoiRXhhbXBsZSBOYW1lIiwicHJvdmlkZXJfY29kZSI6ImRlbW9iYW5rIiwib3JpZ2luYWxfcmVxdWVzdCI6eyJjbGllbnRfand0IjoiQmVhcmVyIGV5SjBlWEFpT2lKS1YxUWlMQ0poYkdjaU9pSlNVekkxTmlKOS5leUprWVhSaElqcDdJbkJ5YjNacFpHVnlYMk52WkdVaU9pSmtaVzF2WW1GdWF5SXNJbk5qYjNCbGN5STZXeUpoWTJOdmRXNTBjeUlzSW5SeVlXNXpZV04wYVc5dWN5SXNJbXQ1WXlJc0luQmhlVzFsYm5Seklpd2lablZ1WkhOZllYWmhhV3hoWW1sc2FYUjVJaXdpZEhKMWMzUmxaRjlpWlc1bFptbGphV0Z5YVdWeklsMHNJbU52Ym5ObGJuUmZjR1Z5YVc5a1gyUmhlWE1pT2prd0xDSm1iM0pqWlY5elkyRWlPbVpoYkhObExDSmpjbVZrWlc1MGFXRnNjeUk2ZXlKMGVYQmxJam9pYjJGMWRHZ2lMQ0poZFhSb2IzSnBlbUYwYVc5dVgzUjVjR1VpT2lKUVUwUmZRVWxUVUNKOUxDSnlaV1JwY21WamRGOTFjbXdpT2lKb2RIUndjem92TDNWelpYSXVkMmxzYkM1aVpTOXlaV1JwY21WamRHVmtMMmhsY21VaWZTd2laWGh3SWpveE5UYzBNRGt6TWpFd2ZRLk9lNFdIaFVyaFE0cHNmc2hUR2kzeWEyanRJTEJIY1EwSDZFYlktbjlIdWx3YjI4UVhDTm9kLUN5MlVLYlNEZjRxX2hrckdyQm5TeGd5SWhEQzNXbThNYkRSQ0tFRlFtci1LTko4M3ZYTnJSd29seVRZdUR3MGxJVHBySVFYU1pwel8xdWd2R0NnN2tnSEIzSlV0M0puQ2dNTzVlTGtZenpmUmN6V2NnNnNwdXpCWUk0Qi1yNHEwajFCOXp6Y0RKQmYxZkg1aWdaMW5QYm9FR21RUmJyc1hlMkNIWnEwT1BGSUNNbkNrR1pTdkRJbkNHdXVRMGtEUnhVNnZ4VF9WMFNNRWRHUk9SVmtZQnk2WEJ3aU1VdWFQM3JrWXF0NmN2c2pUeVZEd256N214OVF1T3JBSERtOXVVNHRWMnBGQ2dYdXpLdzlSQXBreFZETi1OUG9RaEl1ZyIsImNsaWVudF9wYXlsb2FkIjp7ImRhdGEiOnsiY3JlZGVudGlhbHMiOnsiYXV0aG9yaXphdGlvbl90eXBlIjoib2F1dGgifSwicHJvdmlkZXJfY29kZSI6ImRlbW9iYW5rIiwicmVkaXJlY3RfdXJsIjoiaHR0cHM6Ly91c2VyLndpbGwuYmUvcmVkaXJlY3RlZC9oZXJlIiwic2NvcGVzIjpbImFjY291bnRzIiwidHJhbnNhY3Rpb25zIiwia3ljIiwicGF5bWVudHMiLCJmdW5kc19hdmFpbGFiaWxpdHkiLCJ0cnVzdGVkX2JlbmVmaWNpYXJpZXMiXSwiY29uc2VudF9wZXJpb2RfZGF5cyI6OTB9LCJleHAiOjE1NzQwOTMyMTB9fSwic2Vzc2lvbl9zZWNyZXQiOiJiN2stUXhDM3ZkQS1NNDhwZXhpUyJ9LCJleHAiOjE3MzI0MzYxMjMsImlzcyI6InByaW9yYS5zYWx0ZWRnZS5jb20ifQ.YAnnyNmE7dVPHXclZRF0JclAj_MWsIMMpasr4PAwCCvbCfBuHy7-EK_zkrrTk9cg21q3X9bGdsTHJEWDUCxSFLKYgfx5-A0Va7rQ1JXatgVgYzQ5ZzSKKnT3J6-Q1PWQqLeGm2A4SOZ5S3eA8yVRcm15s_m6f0K4LDQqAUDZrEsYIzwTDSSzA82fr4_tnljbFn6Uq3TXXETQLBvVIfiYVZ4ypZYiuS9h_5fPWk4TY1WbOHgLQk0q9_ujXP1skLzUkSeVvNTm51oOedv_qaePrsPdIj6BR1pf4T8fTQZYYXGloOHNg0jWNtSQ8yTHRYzo3snLAWH1L6BIOLM48Cjipw" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Client-Id: 771" \ -X POST "https://your.connector.url/api/priora/v1/tokens/create"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImFwcF9uYW1lIjoiRXhhbXBsZSBOYW1lIiwicHJvdmlkZXJfY29kZSI6ImRlbW9iYW5rIiwib3JpZ2luYWxfcmVxdWVzdCI6eyJjbGllbnRfand0IjoiQmVhcmVyIGV5SjBlWEFpT2lKS1YxUWlMQ0poYkdjaU9pSlNVekkxTmlKOS5leUprWVhSaElqcDdJbkJ5YjNacFpHVnlYMk52WkdVaU9pSmtaVzF2WW1GdWF5SXNJbk5qYjNCbGN5STZXeUpoWTJOdmRXNTBjeUlzSW5SeVlXNXpZV04wYVc5dWN5SXNJbXQ1WXlJc0luQmhlVzFsYm5Seklpd2lablZ1WkhOZllYWmhhV3hoWW1sc2FYUjVJaXdpZEhKMWMzUmxaRjlpWlc1bFptbGphV0Z5YVdWeklsMHNJbU52Ym5ObGJuUmZjR1Z5YVc5a1gyUmhlWE1pT2prd0xDSm1iM0pqWlY5elkyRWlPbVpoYkhObExDSmpjbVZrWlc1MGFXRnNjeUk2ZXlKMGVYQmxJam9pYjJGMWRHZ2lMQ0poZFhSb2IzSnBlbUYwYVc5dVgzUjVjR1VpT2lKUVUwUmZRVWxUVUNKOUxDSnlaV1JwY21WamRGOTFjbXdpT2lKb2RIUndjem92TDNWelpYSXVkMmxzYkM1aVpTOXlaV1JwY21WamRHVmtMMmhsY21VaWZTd2laWGh3SWpveE5UYzBNRGt6TWpFd2ZRLk9lNFdIaFVyaFE0cHNmc2hUR2kzeWEyanRJTEJIY1EwSDZFYlktbjlIdWx3YjI4UVhDTm9kLUN5MlVLYlNEZjRxX2hrckdyQm5TeGd5SWhEQzNXbThNYkRSQ0tFRlFtci1LTko4M3ZYTnJSd29seVRZdUR3MGxJVHBySVFYU1pwel8xdWd2R0NnN2tnSEIzSlV0M0puQ2dNTzVlTGtZenpmUmN6V2NnNnNwdXpCWUk0Qi1yNHEwajFCOXp6Y0RKQmYxZkg1aWdaMW5QYm9FR21RUmJyc1hlMkNIWnEwT1BGSUNNbkNrR1pTdkRJbkNHdXVRMGtEUnhVNnZ4VF9WMFNNRWRHUk9SVmtZQnk2WEJ3aU1VdWFQM3JrWXF0NmN2c2pUeVZEd256N214OVF1T3JBSERtOXVVNHRWMnBGQ2dYdXpLdzlSQXBreFZETi1OUG9RaEl1ZyIsImNsaWVudF9wYXlsb2FkIjp7ImRhdGEiOnsiY3JlZGVudGlhbHMiOnsiYXV0aG9yaXphdGlvbl90eXBlIjoib2F1dGgifSwicHJvdmlkZXJfY29kZSI6ImRlbW9iYW5rIiwicmVkaXJlY3RfdXJsIjoiaHR0cHM6Ly91c2VyLndpbGwuYmUvcmVkaXJlY3RlZC9oZXJlIiwic2NvcGVzIjpbImFjY291bnRzIiwidHJhbnNhY3Rpb25zIiwia3ljIiwicGF5bWVudHMiLCJmdW5kc19hdmFpbGFiaWxpdHkiLCJ0cnVzdGVkX2JlbmVmaWNpYXJpZXMiXSwiY29uc2VudF9wZXJpb2RfZGF5cyI6OTB9LCJleHAiOjE1NzQwOTMyMTB9fSwic2Vzc2lvbl9zZWNyZXQiOiJiN2stUXhDM3ZkQS1NNDhwZXhpUyJ9LCJleHAiOjE3MzI0MzYxMjMsImlzcyI6InByaW9yYS5zYWx0ZWRnZS5jb20ifQ.YAnnyNmE7dVPHXclZRF0JclAj_MWsIMMpasr4PAwCCvbCfBuHy7-EK_zkrrTk9cg21q3X9bGdsTHJEWDUCxSFLKYgfx5-A0Va7rQ1JXatgVgYzQ5ZzSKKnT3J6-Q1PWQqLeGm2A4SOZ5S3eA8yVRcm15s_m6f0K4LDQqAUDZrEsYIzwTDSSzA82fr4_tnljbFn6Uq3TXXETQLBvVIfiYVZ4ypZYiuS9h_5fPWk4TY1WbOHgLQk0q9_ujXP1skLzUkSeVvNTm51oOedv_qaePrsPdIj6BR1pf4T8fTQZYYXGloOHNg0jWNtSQ8yTHRYzo3snLAWH1L6BIOLM48Cjipw" \ 
 -H "Accept: application/json" \ 
 -H "Content-Type: application/json" \ 
 -H "Client-Id: 771" \ 
 -X POST "https://your.connector.url/api/priora/v1/tokens/create"

Example of request parameters

Request

POST https://your.connector.url/api/priora/v1/tokens/create

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`.
`Accept`	string, required	Media type that is acceptable for the response. Allowed values: application/json
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/json
`Client-Id`	integer, required	Client application identifier in Salt Edge PSD2 Compliance. Should be used to get public key for Authorization header validation.
`Consent-Id`	integer, optional	ID of the corresponding consent object as returned by an Account Information Consent Request.

Unpacked Request Authorization

Response headers

Header	Type	Description
`Retry-After`	integer, optional	Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.

Response

Upon successful request, 200 status code should be returned.

Revoke

Revoke an already existing and active access token.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InByb3ZpZGVyX2NvZGUiOiJkZW1vYmFuayIsInNlc3Npb25fc2VjcmV0IjoiaDI5Yzk0MVBRNF9rNl82UG4tbzUifSwiZXhwIjoxNzMyNDM2MTI0LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.hmilXzlmTPnUNoROuvpbcgx-mJTZBh2HBDPt7ldVtLa6cZ8weeWOn1HHH_DB7_Wt2gtNSmA7rfoXdqBHyXANO8nQMhbhCDveZ-MOEVO67v1dyssk9A1yuN9k6YfYszho7cROS4_h77a6b4BXmE-qkV96Uv09Qh1wChERXV7-8umfZbpdmcqRXTFkppcBybxVHosKKwExrrRwPT3qrniuEmAPRVaoprv-WpqfNTFbe63BaYyqDBwvSZiIoDgb4oWPE_ZN5SRvwF_dFKcsURq_4onLWfc_mksar3sDSigOqdDozKRhIOFoNxVCyZJVMksdJxNNnmO__If36U8SQBbcow" \ -H "Access-Token: 65adc909f5676f3902787ecb6f379c1c48bfc18a222157713808274b100b9e255f7b4b59a3ecd7689cb2abe26f8705dfd89b7a0cc9e9a07a587dc64a7c4572ad" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Client-Id: 843" \ -X POST "https://your.connector.url/api/priora/v1/tokens/revoke"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InByb3ZpZGVyX2NvZGUiOiJkZW1vYmFuayIsInNlc3Npb25fc2VjcmV0IjoiaDI5Yzk0MVBRNF9rNl82UG4tbzUifSwiZXhwIjoxNzMyNDM2MTI0LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.hmilXzlmTPnUNoROuvpbcgx-mJTZBh2HBDPt7ldVtLa6cZ8weeWOn1HHH_DB7_Wt2gtNSmA7rfoXdqBHyXANO8nQMhbhCDveZ-MOEVO67v1dyssk9A1yuN9k6YfYszho7cROS4_h77a6b4BXmE-qkV96Uv09Qh1wChERXV7-8umfZbpdmcqRXTFkppcBybxVHosKKwExrrRwPT3qrniuEmAPRVaoprv-WpqfNTFbe63BaYyqDBwvSZiIoDgb4oWPE_ZN5SRvwF_dFKcsURq_4onLWfc_mksar3sDSigOqdDozKRhIOFoNxVCyZJVMksdJxNNnmO__If36U8SQBbcow" \ 
 -H "Access-Token: 65adc909f5676f3902787ecb6f379c1c48bfc18a222157713808274b100b9e255f7b4b59a3ecd7689cb2abe26f8705dfd89b7a0cc9e9a07a587dc64a7c4572ad" \ 
 -H "Accept: application/json" \ 
 -H "Content-Type: application/json" \ 
 -H "Client-Id: 843" \ 
 -X POST "https://your.connector.url/api/priora/v1/tokens/revoke"

Example of request parameters

{"data":{"provider_code":"demobank","session_secret":"h29c941PQ4_k6_6Pn-o5"},"exp":1574093209}

Request

POST https://your.connector.url/api/priora/v1/tokens/revoke

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`.
`Access-Token`	string, required	The token which is created by a connector as a result of successful authentication.
`Accept`	string, required	Media type that is acceptable for the response. Allowed values: application/json
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/json
`Client-Id`	integer, required	Client application identifier in Salt Edge PSD2 Compliance. Should be used to get public key for Authorization header validation.
`Consent-Id`	integer, optional	ID of the corresponding consent object as returned by an Account Information Consent Request.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

provider_code

string, required

Human readable Provider identifier.

session_secret

string, required

Session identifier in Salt Edge PSD2 Compliance.

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response headers

Header	Type	Description
`Retry-After`	integer, optional	Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.

Response

Upon successful request, 200 status code should be returned.

Reconnect Deprecated

This endpoint is invoked when a TPP asks to refresh an active token. ASPSP should determine behavior for this action: ASPSP can just return a new token sending it into session/success endpoint, ask for MFA using sessions/update endpoint or just deny using sessions/fail endpoint.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InByb3ZpZGVyX2NvZGUiOiJkZW1vYmFuayIsInNlc3Npb25fc2VjcmV0IjoieVU5VzYtQnU5dHpZTjJHWGlFckYifSwiZXhwIjoxNzMyNDM2MTI0LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.JLuVokkE9p3Sd5YOUAigV0kmzDkGADMr8YsMI2wf90x9fyOP8gcMwCE7vMJMX2AaCJGl3Wj0QAC6EM8GvPRonvGnwEcjpKqRkkB6kFWjByCyeV4F5N-NVICGRJgco98U3mqSOKqWQ5RLanr__N47Q7NH-Kn2c1lxe314qBbycnEYQvGD-xhciZ2VLyelSs34BPyV3ocxLRFiPYcyknyKAiMUQC0sYIUAVDEkUpnfpKstNjDBI_1LsSwRh4X8Q0cAL2iYq_3ati7Hr2rjbc4keXV0YshZXI0kztqQwhIyZNePLQsMKvw151owkf5_S7E3lj4hdmSlpr0xTZCSobGMCQ" \ -H "Access-Token: b8a2d37ea0ed40716deebb7c5fff81ce096c87141d45ef39cc7c4b2c455b09c8e338c1190267ab1bf56ffa6840662e2f3d3967a13985d0e0bd777059814e6954" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Client-Id: 718" \ -X POST "https://your.connector.url/api/priora/v1/tokens/reconnect"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InByb3ZpZGVyX2NvZGUiOiJkZW1vYmFuayIsInNlc3Npb25fc2VjcmV0IjoieVU5VzYtQnU5dHpZTjJHWGlFckYifSwiZXhwIjoxNzMyNDM2MTI0LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.JLuVokkE9p3Sd5YOUAigV0kmzDkGADMr8YsMI2wf90x9fyOP8gcMwCE7vMJMX2AaCJGl3Wj0QAC6EM8GvPRonvGnwEcjpKqRkkB6kFWjByCyeV4F5N-NVICGRJgco98U3mqSOKqWQ5RLanr__N47Q7NH-Kn2c1lxe314qBbycnEYQvGD-xhciZ2VLyelSs34BPyV3ocxLRFiPYcyknyKAiMUQC0sYIUAVDEkUpnfpKstNjDBI_1LsSwRh4X8Q0cAL2iYq_3ati7Hr2rjbc4keXV0YshZXI0kztqQwhIyZNePLQsMKvw151owkf5_S7E3lj4hdmSlpr0xTZCSobGMCQ" \ 
 -H "Access-Token: b8a2d37ea0ed40716deebb7c5fff81ce096c87141d45ef39cc7c4b2c455b09c8e338c1190267ab1bf56ffa6840662e2f3d3967a13985d0e0bd777059814e6954" \ 
 -H "Accept: application/json" \ 
 -H "Content-Type: application/json" \ 
 -H "Client-Id: 718" \ 
 -X POST "https://your.connector.url/api/priora/v1/tokens/reconnect"

Example of request parameters

{"data":{"provider_code":"demobank","session_secret":"yU9W6-Bu9tzYN2GXiErF"},"exp":1574093210}

Request

POST https://your.connector.url/api/priora/v1/tokens/reconnect

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`.
`Access-Token`	string, required	The token which is created by a connector as a result of successful authentication.
`Accept`	string, required	Media type that is acceptable for the response. Allowed values: application/json
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/json
`Client-Id`	integer, required	Client application identifier in Salt Edge PSD2 Compliance. Should be used to get public key for Authorization header validation.
`Consent-Id`	integer, optional	ID of the corresponding consent object as returned by an Account Information Consent Request.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

provider_code

string, required

Human readable Provider identifier.

session_secret

string, required

Session identifier in Salt Edge PSD2 Compliance.

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response headers

Header	Type	Description
`Retry-After`	integer, optional	Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.

Response

Upon successful request, 200 status code should be returned.

Confirm

This endpoint is used for processing additional interactive steps in the process of access token creation. As a result, Connector should send a success or fail callback to Salt Edge PSD2 Compliance with result of the operation.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0Ijoic2NfZkt0VHRvSGM5SGtKc3R5ZnciLCJwcm92aWRlcl9jb2RlIjoiZGVtb2JhbmsiLCJvcmlnaW5hbF9yZXF1ZXN0Ijp7ImNsaWVudF9qd3QiOiJCZWFyZXIgZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKU1V6STFOaUo5LmV5SmtZWFJoSWpwN0ltTnlaV1JsYm5ScFlXeHpJanA3SW5SNWNHVWlPaUp2WVhWMGFDSjlmU3dpWlhod0lqb3hOVGMwTURrek1qQTVmUS5IYUoyWksxVlZvUXJoUkZsSVBaTk01dzRtajhQVG9sT3BBbHJFRU9UY2VGSWFrYzQ1blFMd1BpUkNyUE9OQWl6blRJMTI1MEVkb01Vd1JmYVd6MUFRMEZBdi1Xc1dmb3ltTjNiaVljWlpwNEZlQXJMVzgyd3pzREZXVTlWV1VIU0h4MnpMX0k3dnZWaGxKY1BiX3R6SVJWcVJSTFRNTnp2SjJPX1hYZ0hPeG1TQXF6Q3B1UTdBVUV6QTVZdUQxWjgxZDVPcTMtNzNmMGRjenc1Nnk2cTV4blY4NnJuZ2s5M1FpYTdGR3oyRi1HY3dJbld6R0lsV2dtUXQxYk13SHltNnJ1RVVzeUxOZ09LanVObnFGaEtwOTh2V1FpaFFuVlZBdmU3bGNoUG9rWWFYMklGU0k4Z2FkT2FTZ1dyQ2FvMngySU1qQkZxMHZvaFYxQnFZbEVLYVEiLCJjbGllbnRfcGF5bG9hZCI6eyJkYXRhIjp7ImNyZWRlbnRpYWxzIjp7InNtc19waW5jb2RlIjoiNDg5NiJ9fSwiZXhwIjoxNTc0MDkzMjA5fX19LCJleHAiOjE3MzI0MzYxMjUsImlzcyI6InByaW9yYS5zYWx0ZWRnZS5jb20ifQ.kr73tP1oA4hglIEQJhwUG9GA5uJJ2qwWByucsX0M-scFRd9xXOTLMbAyTg396ynfGJZQpHHUWUkJHC_uAs2r0heMQn7aqK4YQzeLH5FdfQod1jzfnf4MuPHxo7ZUBCw6LJbztAJ5tOX9pwMaPdCzx24fYtUCGJvildB8q6lNnegkA9GCWJCYwzX_mfNwORuc4-RP75SaA6Y4Ptj0CiJwqHugbqoKkkORRRpMSahFsl-U4rgcx0mqjbhF9ro51vQEliwAdTfXmwoBhc7azppW-QfomYTsCWMq37oEGjgjUKCli89cPilNpJx9-EFDSUd6OloSTN3BPa3COCpEHNEHEw" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Client-Id: 501" \ -X POST "https://your.connector.url/api/priora/v1/tokens/confirm"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0Ijoic2NfZkt0VHRvSGM5SGtKc3R5ZnciLCJwcm92aWRlcl9jb2RlIjoiZGVtb2JhbmsiLCJvcmlnaW5hbF9yZXF1ZXN0Ijp7ImNsaWVudF9qd3QiOiJCZWFyZXIgZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKU1V6STFOaUo5LmV5SmtZWFJoSWpwN0ltTnlaV1JsYm5ScFlXeHpJanA3SW5SNWNHVWlPaUp2WVhWMGFDSjlmU3dpWlhod0lqb3hOVGMwTURrek1qQTVmUS5IYUoyWksxVlZvUXJoUkZsSVBaTk01dzRtajhQVG9sT3BBbHJFRU9UY2VGSWFrYzQ1blFMd1BpUkNyUE9OQWl6blRJMTI1MEVkb01Vd1JmYVd6MUFRMEZBdi1Xc1dmb3ltTjNiaVljWlpwNEZlQXJMVzgyd3pzREZXVTlWV1VIU0h4MnpMX0k3dnZWaGxKY1BiX3R6SVJWcVJSTFRNTnp2SjJPX1hYZ0hPeG1TQXF6Q3B1UTdBVUV6QTVZdUQxWjgxZDVPcTMtNzNmMGRjenc1Nnk2cTV4blY4NnJuZ2s5M1FpYTdGR3oyRi1HY3dJbld6R0lsV2dtUXQxYk13SHltNnJ1RVVzeUxOZ09LanVObnFGaEtwOTh2V1FpaFFuVlZBdmU3bGNoUG9rWWFYMklGU0k4Z2FkT2FTZ1dyQ2FvMngySU1qQkZxMHZvaFYxQnFZbEVLYVEiLCJjbGllbnRfcGF5bG9hZCI6eyJkYXRhIjp7ImNyZWRlbnRpYWxzIjp7InNtc19waW5jb2RlIjoiNDg5NiJ9fSwiZXhwIjoxNTc0MDkzMjA5fX19LCJleHAiOjE3MzI0MzYxMjUsImlzcyI6InByaW9yYS5zYWx0ZWRnZS5jb20ifQ.kr73tP1oA4hglIEQJhwUG9GA5uJJ2qwWByucsX0M-scFRd9xXOTLMbAyTg396ynfGJZQpHHUWUkJHC_uAs2r0heMQn7aqK4YQzeLH5FdfQod1jzfnf4MuPHxo7ZUBCw6LJbztAJ5tOX9pwMaPdCzx24fYtUCGJvildB8q6lNnegkA9GCWJCYwzX_mfNwORuc4-RP75SaA6Y4Ptj0CiJwqHugbqoKkkORRRpMSahFsl-U4rgcx0mqjbhF9ro51vQEliwAdTfXmwoBhc7azppW-QfomYTsCWMq37oEGjgjUKCli89cPilNpJx9-EFDSUd6OloSTN3BPa3COCpEHNEHEw" \ 
 -H "Accept: application/json" \ 
 -H "Content-Type: application/json" \ 
 -H "Client-Id: 501" \ 
 -X POST "https://your.connector.url/api/priora/v1/tokens/confirm"

Example of request parameters

{"data":{"session_secret":"sc_fKtTtoHc9HkJstyfw","provider_code":"demobank","original_request":{"client_jwt":"Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNyZWRlbnRpYWxzIjp7InR5cGUiOiJvYXV0aCJ9fSwiZXhwIjoxNTc0MDkzMjA5fQ.HaJ2ZK1VVoQrhRFlIPZNM5w4mj8PTolOpAlrEEOTceFIakc45nQLwPiRCrPONAiznTI1250EdoMUwRfaWz1AQ0FAv-WsWfoymN3biYcZZp4FeArLW82wzsDFWU9VWUHSHx2zL_I7vvVhlJcPb_tzIRVqRRLTMNzvJ2O_XXgHOxmSAqzCpuQ7AUEzA5YuD1Z81d5Oq3-73f0dczw56y6q5xnV86rngk93Qia7FGz2F-GcwInWzGIlWgmQt1bMwHym6ruEUsyLNgOKjuNnqFhKp98vWQihQnVVAve7lchPokYaX2IFSI8gadOaSgWrCao2x2IMjBFq0vohV1BqYlEKaQ","client_payload":{"data":{"credentials":{"sms_pincode":"4896"}},"exp":1574093209}}},"exp":1574093209}

Request

POST https://your.connector.url/api/priora/v1/tokens/confirm

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`.
`Accept`	string, required	Media type that is acceptable for the response. Allowed values: application/json
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/json
`Client-Id`	integer, required	Client application identifier in Salt Edge PSD2 Compliance. Should be used to get public key for Authorization header validation.
`Consent-Id`	integer, optional	ID of the corresponding consent object as returned by an Account Information Consent Request.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

original_request

hash, required

Original parameters coming from Client application.

client_jwt

string, required

An original JWT signed by a TPP. In order to verify the JWT TPP's public key should be retrieved.

client_payload

hash, required

Already verified and decoded client JWT. Using this data will allow you to not perform additional calls to Salt Edge PSD2 Compliance Solution.

data

hash, required

Wrapper for the data.

credentials

hash, required

Wrapper for required first step credentials.

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

provider_code

string, required

Human readable Provider identifier.

session_secret

string, required

Session identifier in Salt Edge PSD2 Compliance.

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response headers

Header	Type	Description
`Retry-After`	integer, optional	Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.

Response

Upon successful request, 200 status code should be returned.

Cancel

Cancel any access token that is in the process of enrollment, meaning it has not been confirmed yet.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoiZzRmeV9XNHh5YzZUUktzWVNBTXQifSwiZXhwIjoxNzMyNDM2MTI1LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.jQSkPTl1FH2ajKNzMY2sWxn8VezLnT4viPEDs72SvsxV64GbhbxDg0JWX8eDlEQTwU5zKMDuO3oEVhyhEGPQ9Csl4BwOgKws1rcjXZtslcmj7hQXDYvZT-FY5F9q_NuRWwq76bSxSMsTQ303S_CFNRiSKcZFMurIzllIGL8h8xR93izpm93EnmiCE4dWx7AGdXbA8BxklMwri3V_mvIfrqnlHd_cnI0jQPy81QyAObTstNBJ4KrZyd6O0H6opMYL8wQEx0i1pZFSAGUYnWSaH7mi7BYeAHfwHzylKUEVZ42B7Q97VWIbw5Dh72K9Qf6lyTfNSM4Dyb_n7NQ4F6RkfA" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Client-Id: 830" \ -X POST "https://your.connector.url/api/priora/v1/tokens/cancel"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoiZzRmeV9XNHh5YzZUUktzWVNBTXQifSwiZXhwIjoxNzMyNDM2MTI1LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.jQSkPTl1FH2ajKNzMY2sWxn8VezLnT4viPEDs72SvsxV64GbhbxDg0JWX8eDlEQTwU5zKMDuO3oEVhyhEGPQ9Csl4BwOgKws1rcjXZtslcmj7hQXDYvZT-FY5F9q_NuRWwq76bSxSMsTQ303S_CFNRiSKcZFMurIzllIGL8h8xR93izpm93EnmiCE4dWx7AGdXbA8BxklMwri3V_mvIfrqnlHd_cnI0jQPy81QyAObTstNBJ4KrZyd6O0H6opMYL8wQEx0i1pZFSAGUYnWSaH7mi7BYeAHfwHzylKUEVZ42B7Q97VWIbw5Dh72K9Qf6lyTfNSM4Dyb_n7NQ4F6RkfA" \ 
 -H "Accept: application/json" \ 
 -H "Content-Type: application/json" \ 
 -H "Client-Id: 830" \ 
 -X POST "https://your.connector.url/api/priora/v1/tokens/cancel"

Example of request parameters

{"data":{"session_secret":"g4fy_W4xyc6TRKsYSAMt"},"exp":1574093209}

Request

POST https://your.connector.url/api/priora/v1/tokens/cancel

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`.
`Accept`	string, required	Media type that is acceptable for the response. Allowed values: application/json
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/json
`Client-Id`	integer, required	Client application identifier in Salt Edge PSD2 Compliance. Should be used to get public key for Authorization header validation.
`Consent-Id`	integer, optional	ID of the corresponding consent object as returned by an Account Information Consent Request.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

session_secret

string, required

Session identifier in Salt Edge PSD2 Compliance.

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response headers

Header	Type	Description
`Retry-After`	integer, optional	Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.

Response

Upon successful request, 200 status code should be returned.

Accounts

This endpoint is responsible for fetching account information for Account Information Service.

Accounts Fetch Flow

Fetch

Fetch list of accounts belonging to a PSU and all relevant information about them. Accounts available for making payments will be flagged accordingly.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoiY3ppYVRYZ0JhQ1llckVIRHZXRTkifSwiZXhwIjoxNzMyNDM2MTI2LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.S6ZhtGnYJgPuBiefnDL9ckeNqaMYsGe4gBzHIsOF29QgQZQCOTAPveu8xBCzvG76KVeZqBUe9No1eq668srk0fQn4vnYlD6ml-wWrbkY3nsCOI1txvA-891R0svewwTFbUvy1_NXWbKJfbtCl9C9dnGqVlEeZodba5cSWFjhoLpUncqBjGV1fKFk6PaDZjPjXnAxOF5bTScPtdu_gpdrUd_endpneuUC4L13L2GWMxj7XPf2RMcXczFqZMu-oeCfX8r0NBPTzef_tq8q8JG2i8rIQefxkLqKFNqJ_mfYzTfge6CRhfR4dxfGfuph1v-3pVu2sbs5ULIoVQ7MWjnTsA" \ -H "Access-Token: e4649d535f5e3125bcc939e2f3b33a070127be520e2f1134ed8722976703e0b32d9354fb147014103ce39f6eed428ac65d82659b6289901449c73d12d939c28f" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Client-Id: 765" \ -X GET "https://your.connector.url/api/priora/v1/accounts"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoiY3ppYVRYZ0JhQ1llckVIRHZXRTkifSwiZXhwIjoxNzMyNDM2MTI2LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.S6ZhtGnYJgPuBiefnDL9ckeNqaMYsGe4gBzHIsOF29QgQZQCOTAPveu8xBCzvG76KVeZqBUe9No1eq668srk0fQn4vnYlD6ml-wWrbkY3nsCOI1txvA-891R0svewwTFbUvy1_NXWbKJfbtCl9C9dnGqVlEeZodba5cSWFjhoLpUncqBjGV1fKFk6PaDZjPjXnAxOF5bTScPtdu_gpdrUd_endpneuUC4L13L2GWMxj7XPf2RMcXczFqZMu-oeCfX8r0NBPTzef_tq8q8JG2i8rIQefxkLqKFNqJ_mfYzTfge6CRhfR4dxfGfuph1v-3pVu2sbs5ULIoVQ7MWjnTsA" \ 
 -H "Access-Token: e4649d535f5e3125bcc939e2f3b33a070127be520e2f1134ed8722976703e0b32d9354fb147014103ce39f6eed428ac65d82659b6289901449c73d12d939c28f" \ 
 -H "Accept: application/json" \ 
 -H "Content-Type: application/json" \ 
 -H "Client-Id: 765" \ 
 -X GET "https://your.connector.url/api/priora/v1/accounts"

Example of request parameters

{"data":{"session_secret":"cziaTXgBaCYerEHDvWE9"},"exp":1574093209}

Example of response

{"data":[{"id":"724","name":"Example Name","iban":"FK54RAND61068421435452","currency_code":"USD","extra":{},"number":"619656558","sort_code":"82-78-66","swift_code":"TBNFFR23PAR","nature":"credit","payment_account":false,"balance":"5000.00","available_amount":"4995.00","credit_limit":"7000","status":"active"}]}

Request

GET https://your.connector.url/api/priora/v1/accounts

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`.
`Access-Token`	string, required	The token which is created by a connector as a result of successful authentication.
`Accept`	string, required	Media type that is acceptable for the response. Allowed values: application/json
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/json
`Client-Id`	integer, required	Client application identifier in Salt Edge PSD2 Compliance. Should be used to get public key for Authorization header validation.
`Consent-Id`	integer, optional	ID of the corresponding consent object as returned by an Account Information Consent Request.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

session_secret

string, required

Session identifier in Salt Edge PSD2 Compliance.

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response headers

Header	Type	Description
`Retry-After`	integer, optional	Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.

Response

Upon successful request, 200 status code should be returned.

data

array, required

Wrapper for the data. Can raise: RequestFormatInvalid

string, required

Account identifier on Connector.

name

string, required

Human readable account name. Allowed length: max: 255 characters

iban

string, optional

International Bank Account Number.

extra

hash, optional

Any additional information relevant to a payment. Default value: {}

currency_code

string, required

Account’s currency in ISO 4217. Can raise: ResourceUnknown

number

string, optional

Account number within Bank’s ecosystem.

sort_code

string, optional

Bank codes used in British and Irish banking systems.

swift_code

string, optional

Business Identifier Code.

nature

string, required

Type of account. Allowed values: account, card, debit_card, credit_card, checking, savings, investment, bonus, loan, credit, insurance, ewallet, mortgage

payment_account

boolean, required

Flag representing whether account can be used to initiate payments.

balance

string, optional

Account balance.

available_amount

string, optional

Amount available on account.

credit_limit

string, optional

Is the maximum amount of credit available on account.

status

string, optional

Conveys current status of the operation. Default value: active Allowed values: active, inactive

Refresh

In case the connector uses a different database from Core Banking, this endpoint enables the process of refreshing accounts and transactions on connector side before sending them to Salt Edge PSD2 Compliance Solution.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoieGRzUHNMd19lUkw2Tko4bTIzR2UiLCJmcm9tX2RhdGUiOiIyMDE5LTA4LTE4IiwidG9fZGF0ZSI6IjIwMTktMTEtMTgiLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3VzZXIud2lsbC5iZS9yZWRpcmVjdGVkL2hlcmUifSwiZXhwIjoxNzMyNDM2MTI2LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.gfOOTevfuamHvim1cnV1sRxt_-LqLFFpovMfQl-rJN-G_yzqlwrVDAl3w6J4XW2U6VAxT6Hmwpq9YGz5N7M5FOleW0VBtlnKeVLlKdbwt8A1dSiBRMml5DTACryQGiqKZyruz7-qNl6hxBH48sUt6B6kSoZzqdsbYjGQE74csRrfeVh_R6k7ynE_ez2TIImPInZXGQCgfxXPWJEm3IebmJRmXGny1KjYb6Kg1jl1vVG8Hw1UD6L_jUvK9UsqlinRY7Dj1gX_oF56wK_NfPjbPfZNYe4uGOPzMg2pzJgjCqSWEYt03-RgCe5gAhX2zdNpWQ01xVvWAeCKQ-assHrrEQ" \ -H "Access-Token: 4fd12e851a9ed70420c3b2e8d5471ae56438e0875ba521c02bff802a176f4c99bebda2e3516e644fc99e37facf0c02e52836fefedcfc2dc9a44d993218bcda70" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Client-Id: 786" \ -X PUT "https://your.connector.url/api/priora/v1/accounts"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoieGRzUHNMd19lUkw2Tko4bTIzR2UiLCJmcm9tX2RhdGUiOiIyMDE5LTA4LTE4IiwidG9fZGF0ZSI6IjIwMTktMTEtMTgiLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3VzZXIud2lsbC5iZS9yZWRpcmVjdGVkL2hlcmUifSwiZXhwIjoxNzMyNDM2MTI2LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.gfOOTevfuamHvim1cnV1sRxt_-LqLFFpovMfQl-rJN-G_yzqlwrVDAl3w6J4XW2U6VAxT6Hmwpq9YGz5N7M5FOleW0VBtlnKeVLlKdbwt8A1dSiBRMml5DTACryQGiqKZyruz7-qNl6hxBH48sUt6B6kSoZzqdsbYjGQE74csRrfeVh_R6k7ynE_ez2TIImPInZXGQCgfxXPWJEm3IebmJRmXGny1KjYb6Kg1jl1vVG8Hw1UD6L_jUvK9UsqlinRY7Dj1gX_oF56wK_NfPjbPfZNYe4uGOPzMg2pzJgjCqSWEYt03-RgCe5gAhX2zdNpWQ01xVvWAeCKQ-assHrrEQ" \ 
 -H "Access-Token: 4fd12e851a9ed70420c3b2e8d5471ae56438e0875ba521c02bff802a176f4c99bebda2e3516e644fc99e37facf0c02e52836fefedcfc2dc9a44d993218bcda70" \ 
 -H "Accept: application/json" \ 
 -H "Content-Type: application/json" \ 
 -H "Client-Id: 786" \ 
 -X PUT "https://your.connector.url/api/priora/v1/accounts"

Example of request parameters

Request

PUT https://your.connector.url/api/priora/v1/accounts

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`.
`Access-Token`	string, required	The token which is created by a connector as a result of successful authentication.
`Accept`	string, required	Media type that is acceptable for the response. Allowed values: application/json
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/json
`Client-Id`	integer, required	Client application identifier in Salt Edge PSD2 Compliance. Should be used to get public key for Authorization header validation.
`Consent-Id`	integer, optional	ID of the corresponding consent object as returned by an Account Information Consent Request.

Unpacked Request Authorization

Response headers

Header	Type	Description
`Retry-After`	integer, optional	Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.

Response

Upon successful request, 200 status code should be returned.

Confirm

This endpoint is used for processing additional interactive steps in the process of accounts refresh. As a result, Connector should send a success or fail callback to Salt Edge PSD2 Compliance with result of the operation.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoieGtlVE53UjNHSEgzY0hjcTNVQ3QiLCJwcm92aWRlcl9jb2RlIjoiZGVtb2JhbmsiLCJvcmlnaW5hbF9yZXF1ZXN0Ijp7ImNsaWVudF9qd3QiOiJCZWFyZXIgZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKU1V6STFOaUo5LmV5SmtZWFJoSWpwN0ltTnlaV1JsYm5ScFlXeHpJanA3SW5OdGMxOXdhVzVqYjJSbElqb2lORFUyT0NKOWZTd2laWGh3SWpveE5UZ3pNalF5TnpZMGZRLlZPaGE4Rm13MTBQUkFoNjZHN3JwaVdWZS1ldEdYOVZGTzFjM185WFhRa2VtRGItS2N5STBMT2htM2xvd0c0MzJ6XzFnTzV6Z1p3cDdpVXdRQWVBTmk0aXJzU0MtOWNPQ01NdTNRY2RCU28zRHlpU2xLMDZObmRrZUZyYUYzb1puNVVMczF1YzYyVjFCNVJFRkJBS0NQaVNaeHQ4UWp0WWFWc3U4dGdYVFZ6N2FYMnNtNlZHOGJuSHp2cEdNcWt4LXQtclJEQ1lYTGlnTlpCR1hRTmhlTUE3RG1ERS14QzlEMzE3OWh6bUZpbGtVYktxYlgxOV93YnEzZFNaRk9SU2t3MHQ4bW1IeEwxV21lWFpTcm9OOXkzQmQwek9VQ3NjdGZUaXl1TzZsd05mYlhoZW5qcEJsdGM4dzEyZmRFU192cTVvOG56SDh0QzBJSnFQRFdYaFI4QSIsImNsaWVudF9wYXlsb2FkIjp7ImRhdGEiOnsiY3JlZGVudGlhbHMiOnsic21zX3BpbmNvZGUiOiI0NTY4In19LCJleHAiOjE1NzQwOTMyMTB9fX0sImV4cCI6MTczMjQzNjEyNywiaXNzIjoicHJpb3JhLnNhbHRlZGdlLmNvbSJ9.fQq-XJHRc-FZx6w9PQuCeQOQGGjLYQ8fx1emVm4LtD4tJHvOMWlcKIczVdgqONmyrw6TXAsITn2NQsMft18xfuOOvaUtcasBJ5gtE1ar_IPtX3Cj04QFGfF5_qU_hsQgVOFAk3uWoxI_Bohc2oYBp4yN4cNshLyLa2Av2mTicFVHuqjXQdVquPaCXSxoTvKCXc6D0eA1zZjFR3jl-5iKDYq71Oba1qr_VIQHjZVb8olOrtmTYp4oStJe5kA-Y6AkzwpmLPTHNC5nlfUL2t7aQCYMStAWXnYPRfLUR4eDaX0oCj0qemZALP0DczG_kBTffFROEQ94g30V7e2BGimRLQ" \ -H "Access-Token: 65adc909f5676f3902787ecb6f379c1c48bfc18a222157713808274b100b9e255f7b4b59a3ecd7689cb2abe26f8705dfd89b7a0cc9e9a07a587dc64a7c4572ad" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Client-Id: 843" \ -X POST "https://your.connector.url/api/priora/v1/accounts/confirm"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoieGtlVE53UjNHSEgzY0hjcTNVQ3QiLCJwcm92aWRlcl9jb2RlIjoiZGVtb2JhbmsiLCJvcmlnaW5hbF9yZXF1ZXN0Ijp7ImNsaWVudF9qd3QiOiJCZWFyZXIgZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKU1V6STFOaUo5LmV5SmtZWFJoSWpwN0ltTnlaV1JsYm5ScFlXeHpJanA3SW5OdGMxOXdhVzVqYjJSbElqb2lORFUyT0NKOWZTd2laWGh3SWpveE5UZ3pNalF5TnpZMGZRLlZPaGE4Rm13MTBQUkFoNjZHN3JwaVdWZS1ldEdYOVZGTzFjM185WFhRa2VtRGItS2N5STBMT2htM2xvd0c0MzJ6XzFnTzV6Z1p3cDdpVXdRQWVBTmk0aXJzU0MtOWNPQ01NdTNRY2RCU28zRHlpU2xLMDZObmRrZUZyYUYzb1puNVVMczF1YzYyVjFCNVJFRkJBS0NQaVNaeHQ4UWp0WWFWc3U4dGdYVFZ6N2FYMnNtNlZHOGJuSHp2cEdNcWt4LXQtclJEQ1lYTGlnTlpCR1hRTmhlTUE3RG1ERS14QzlEMzE3OWh6bUZpbGtVYktxYlgxOV93YnEzZFNaRk9SU2t3MHQ4bW1IeEwxV21lWFpTcm9OOXkzQmQwek9VQ3NjdGZUaXl1TzZsd05mYlhoZW5qcEJsdGM4dzEyZmRFU192cTVvOG56SDh0QzBJSnFQRFdYaFI4QSIsImNsaWVudF9wYXlsb2FkIjp7ImRhdGEiOnsiY3JlZGVudGlhbHMiOnsic21zX3BpbmNvZGUiOiI0NTY4In19LCJleHAiOjE1NzQwOTMyMTB9fX0sImV4cCI6MTczMjQzNjEyNywiaXNzIjoicHJpb3JhLnNhbHRlZGdlLmNvbSJ9.fQq-XJHRc-FZx6w9PQuCeQOQGGjLYQ8fx1emVm4LtD4tJHvOMWlcKIczVdgqONmyrw6TXAsITn2NQsMft18xfuOOvaUtcasBJ5gtE1ar_IPtX3Cj04QFGfF5_qU_hsQgVOFAk3uWoxI_Bohc2oYBp4yN4cNshLyLa2Av2mTicFVHuqjXQdVquPaCXSxoTvKCXc6D0eA1zZjFR3jl-5iKDYq71Oba1qr_VIQHjZVb8olOrtmTYp4oStJe5kA-Y6AkzwpmLPTHNC5nlfUL2t7aQCYMStAWXnYPRfLUR4eDaX0oCj0qemZALP0DczG_kBTffFROEQ94g30V7e2BGimRLQ" \ 
 -H "Access-Token: 65adc909f5676f3902787ecb6f379c1c48bfc18a222157713808274b100b9e255f7b4b59a3ecd7689cb2abe26f8705dfd89b7a0cc9e9a07a587dc64a7c4572ad" \ 
 -H "Accept: application/json" \ 
 -H "Content-Type: application/json" \ 
 -H "Client-Id: 843" \ 
 -X POST "https://your.connector.url/api/priora/v1/accounts/confirm"

Example of request parameters

{"data":{"session_secret":"xkeTNwR3GHH3cHcq3UCt","provider_code":"demobank","original_request":{"client_jwt":"Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNyZWRlbnRpYWxzIjp7InNtc19waW5jb2RlIjoiNDU2OCJ9fSwiZXhwIjoxNTgzMjQyNzY0fQ.VOha8Fmw10PRAh66G7rpiWVe-etGX9VFO1c3_9XXQkemDb-KcyI0LOhm3lowG432z_1gO5zgZwp7iUwQAeANi4irsSC-9cOCMMu3QcdBSo3DyiSlK06NndkeFraF3oZn5ULs1uc62V1B5REFBAKCPiSZxt8QjtYaVsu8tgXTVz7aX2sm6VG8bnHzvpGMqkx-t-rRDCYXLigNZBGXQNheMA7DmDE-xC9D3179hzmFilkUbKqbX19_wbq3dSZFORSkw0t8mmHxL1WmeXZSroN9y3Bd0zOUCsctfTiyuO6lwNfbXhenjpBltc8w12fdES_vq5o8nzH8tC0IJqPDWXhR8A","client_payload":{"data":{"credentials":{"sms_pincode":"4568"}},"exp":1574093210}}},"exp":1574093210}

Request

POST https://your.connector.url/api/priora/v1/accounts/confirm

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`.
`Access-Token`	string, required	The token which is created by a connector as a result of successful authentication.
`Accept`	string, required	Media type that is acceptable for the response. Allowed values: application/json
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/json
`Client-Id`	integer, required	Client application identifier in Salt Edge PSD2 Compliance. Should be used to get public key for Authorization header validation.
`Consent-Id`	integer, optional	ID of the corresponding consent object as returned by an Account Information Consent Request.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

original_request

hash, required

Original parameters coming from Client application.

client_jwt

string, required

An original JWT signed by a TPP. In order to verify the JWT TPP's public key should be retrieved.

client_payload

hash, required

Already verified and decoded client JWT. Using this data will allow you to not perform additional calls to Salt Edge PSD2 Compliance Solution.

data

hash, required

Wrapper for the data.

credentials

hash, required

Wrapper for required first step credentials.

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

provider_code

string, required

Human readable Provider identifier.

session_secret

string, required

Session identifier in Salt Edge PSD2 Compliance.

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response headers

Header	Type	Description
`Retry-After`	integer, optional	Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.

Response

Upon successful request, 200 status code should be returned.

Transactions

This endpoint is responsible for fetching transactions which belong to previously fetched accounts.

Fetch

Fetch all transactions related to a bank account.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoieVBzZXRDeVA3Y0d6bnZiOVNERkMiLCJhY2NvdW50X2lkIjoiODciLCJmcm9tX2RhdGUiOiIyMDE5LTExLTE4VDE2OjA0OjQ5LjU4NVoiLCJ0b19kYXRlIjoiMjAxOS0xMS0xOFQxNjowNDo0OS41ODVaIn0sImV4cCI6MTczMjQzNjEyNywiaXNzIjoicHJpb3JhLnNhbHRlZGdlLmNvbSJ9.uBurVRwh3bfIp2bPkWQ5p8bOFdvOA_wxLGIZZJAKsYGjUkOLrzaIWltqqPoO4Dxt4Cl5vya_I0tzfWS6lwa84IOl1giHX4MeW-JRUMJPhrExcMfK7r5Y9Lrnw4fmDd1zJkUgurOaiImvSMMaU1hYFRNTqGajkUjnAG0aWleOQtehHuPtAdFyy7tj1X48iILoXaWLng4HpPiw5ELsRVexro-HZEmXHQNKAuvG0SnFsG0z4XcJaTCBbIRybTaC3t4oCeT0-npheX_m9ufCov3xg2aQWZ_72-LerGo2VwccGmamSenI81bwsfaS44pqLpKt2pi2F_RHBLhatx6ZWQFM-Q" \ -H "Access-Token: 2cab054fa0dfd20d725ef46c533b537701c29d47ebea97893374d4e47714e49e2e331764e4f4a20d5e285dbb08af9566e14a8f597230bca6d9f5b3b2048a71f5" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Client-Id: 866" \ -X GET "https://your.connector.url/api/priora/v1/transactions"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoieVBzZXRDeVA3Y0d6bnZiOVNERkMiLCJhY2NvdW50X2lkIjoiODciLCJmcm9tX2RhdGUiOiIyMDE5LTExLTE4VDE2OjA0OjQ5LjU4NVoiLCJ0b19kYXRlIjoiMjAxOS0xMS0xOFQxNjowNDo0OS41ODVaIn0sImV4cCI6MTczMjQzNjEyNywiaXNzIjoicHJpb3JhLnNhbHRlZGdlLmNvbSJ9.uBurVRwh3bfIp2bPkWQ5p8bOFdvOA_wxLGIZZJAKsYGjUkOLrzaIWltqqPoO4Dxt4Cl5vya_I0tzfWS6lwa84IOl1giHX4MeW-JRUMJPhrExcMfK7r5Y9Lrnw4fmDd1zJkUgurOaiImvSMMaU1hYFRNTqGajkUjnAG0aWleOQtehHuPtAdFyy7tj1X48iILoXaWLng4HpPiw5ELsRVexro-HZEmXHQNKAuvG0SnFsG0z4XcJaTCBbIRybTaC3t4oCeT0-npheX_m9ufCov3xg2aQWZ_72-LerGo2VwccGmamSenI81bwsfaS44pqLpKt2pi2F_RHBLhatx6ZWQFM-Q" \ 
 -H "Access-Token: 2cab054fa0dfd20d725ef46c533b537701c29d47ebea97893374d4e47714e49e2e331764e4f4a20d5e285dbb08af9566e14a8f597230bca6d9f5b3b2048a71f5" \ 
 -H "Accept: application/json" \ 
 -H "Content-Type: application/json" \ 
 -H "Client-Id: 866" \ 
 -X GET "https://your.connector.url/api/priora/v1/transactions"

Example of request parameters

{"data":{"session_secret":"yPsetCyP7cGznvb9SDFC","account_id":"87","from_date":"2019-11-18T16:04:49.585Z","to_date":"2019-11-18T16:04:49.585Z"},"exp":1574093209}

Example of response

{"data":[{"id":"378","account_id":"241","amount":"38.85","currency_code":"GBP","description":"Test transaction","made_on":"2019-11-18T16:04:49.573Z","status":"posted","fees":[{}],"extra":{"mcc":"example_data.extra.mcc","original_amount":"38.85","original_currency_code":"GBP"}}]}

Request

GET https://your.connector.url/api/priora/v1/transactions

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`.
`Access-Token`	string, required	The token which is created by a connector as a result of successful authentication.
`Accept`	string, required	Media type that is acceptable for the response. Allowed values: application/json
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/json
`Client-Id`	integer, required	Client application identifier in Salt Edge PSD2 Compliance. Should be used to get public key for Authorization header validation.
`Consent-Id`	integer, optional	ID of the corresponding consent object as returned by an Account Information Consent Request.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

session_secret

string, required

Session identifier in Salt Edge PSD2 Compliance.

account_id

string, required

Specifies account for which transactions should be returned.

from_date

string, required

Specifies the starting date in ISO 8601: “yyyy-mm-dd” format, from which transactions should be fetched. This value will be set to 90 days ago by default.

to_date

string, required

Specifies the ending date in ISO 8601: “yyyy-mm-dd” format, to which transactions should be fetched. This value will always be the today’s date by default.

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response headers

Header	Type	Description
`Retry-After`	integer, optional	Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.

Response

Upon successful request, 200 status code should be returned.

data

array, required

Wrapper for the data.

string, required

Transaction identifier on Connector side.

amount

string, required

Transaction amount. Negative amounts must be signed by minus.

account_id

string, required

Identifier of account to which transaction belongs.

currency_code

string, required

Transaction currency code in ISO 4217. Can raise: UnknownCurrency

description

string, required

Transaction description. Allowed length: max: 4000 characters

made_on

string, required

Date on which transaction was initialized.

status

string, required

Transaction status. Allowed values: posted, pending

fees

array, optional

List of all fees applied to given payment. Default value: []

extra

hash, optional

Any additional information relevant to a payment. Default value: {}

mcc

string, optional

Merchant category code.

original_amount

float, optional

Transaction amount. Negative amounts must be signed by minus.

original_currency_code

string, optional

Transaction currency code in ISO 4217.

KYC

This endpoint is responsible for fetching personal data of PSU.

Fetch

Extract PSU’s personal data. Response should contain a JSON object representing a PSU.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoieVBzZXRDeVA3Y0d6bnZiOVNERkMifSwiZXhwIjoxNzMyNDM2MTI4LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.QIXiePP2Xg2kwoWrKgrTgG4AFX_x9UAF--0u_cs0jRQ88D38lYHrcXilsZuJbUBXoOcCZWgD0DbjKZnE0GF5fABjOi1Xg97lxXprR7PggJWb9-bbLf7edy5Z4LW4WkHS6MUYbuUADu2IkYi_UwnWZQh1Dl8g87WzA0HUbbOftnMJtz8imGETlsIbveIpdsYTjZtWbMUP-mmp9BH74yAgB526QMZ9uOEwbNrVBapsEYBKTobJZabHAFX6OkIIOYcf1Q6SFjuwH399WSsVZuXv9Or7JGaPCw6uUB2o2kU_gj_Gx7MNRSCupsaFpXZaZBu9fdUgK5l2dhtVawsqaSi85Q" \ -H "Access-Token: 3a0b2f004410dca9713cd484a02bb565292e3945500334798274584c7448e9171d1ec9e3d74392792021a7698c7fdee0df041eccc9706871907686770f47833a" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Client-Id: 552" \ -X GET "https://your.connector.url/api/priora/v1/kyc"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoieVBzZXRDeVA3Y0d6bnZiOVNERkMifSwiZXhwIjoxNzMyNDM2MTI4LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.QIXiePP2Xg2kwoWrKgrTgG4AFX_x9UAF--0u_cs0jRQ88D38lYHrcXilsZuJbUBXoOcCZWgD0DbjKZnE0GF5fABjOi1Xg97lxXprR7PggJWb9-bbLf7edy5Z4LW4WkHS6MUYbuUADu2IkYi_UwnWZQh1Dl8g87WzA0HUbbOftnMJtz8imGETlsIbveIpdsYTjZtWbMUP-mmp9BH74yAgB526QMZ9uOEwbNrVBapsEYBKTobJZabHAFX6OkIIOYcf1Q6SFjuwH399WSsVZuXv9Or7JGaPCw6uUB2o2kU_gj_Gx7MNRSCupsaFpXZaZBu9fdUgK5l2dhtVawsqaSi85Q" \ 
 -H "Access-Token: 3a0b2f004410dca9713cd484a02bb565292e3945500334798274584c7448e9171d1ec9e3d74392792021a7698c7fdee0df041eccc9706871907686770f47833a" \ 
 -H "Accept: application/json" \ 
 -H "Content-Type: application/json" \ 
 -H "Client-Id: 552" \ 
 -X GET "https://your.connector.url/api/priora/v1/kyc"

Example of request parameters

{"data":{"session_secret":"yPsetCyP7cGznvb9SDFC"},"exp":1574093209}

Example of response

{"data":{"name":"Example Name"}}

Request

GET https://your.connector.url/api/priora/v1/kyc

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`.
`Access-Token`	string, required	The token which is created by a connector as a result of successful authentication.
`Accept`	string, required	Media type that is acceptable for the response. Allowed values: application/json
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/json
`Client-Id`	integer, required	Client application identifier in Salt Edge PSD2 Compliance. Should be used to get public key for Authorization header validation.
`Consent-Id`	integer, optional	ID of the corresponding consent object as returned by an Account Information Consent Request.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

session_secret

string, required

Session identifier in Salt Edge PSD2 Compliance.

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response headers

Header	Type	Description
`Retry-After`	integer, optional	Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.

Response

Upon successful request, 200 status code should be returned.

data

hash, required

Wrapper for the data.

name

string, optional

PSU’s full name.

Errors

Additional endpoints to be implemented on connector side to improve communication between Salt Edge PSD2 Compliance Solution and Connector.

Notify

This endpoint is responsible for receiving validation errors of responses which Connector sends to Salt Edge PSD2 Compliance Solution

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InJlcXVlc3QiOnsibWV0aG9kIjoiZGVsZXRlIiwidXJsIjoiaHR0cHM6Ly91c2VyLndpbGwuYmUvcmVkaXJlY3RlZC9oZXJlIiwiaGVhZGVycyI6e319LCJlcnJvciI6eyJlcnJvcl9tZXNzYWdlIjoic29tZXRoaW5nIHdlbnQgd3JvbmciLCJlcnJvcl9jbGFzcyI6IkludGVybmFsUHJvdmlkZXJFcnJvciJ9fSwiZXhwIjoxNzMyNDM2MTI4LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.QZjWupoGVD-sAFKYTNDzDYqYdlfWqmUhwzChZXNwLqoqUssQcHpgwYO8v2QaxTI2135CUJedwMndo-e2jQOjBVlo48D0dHTxdS9ktKaX873pqd2_LBnvedR_cjEa_gHeXPsHIZ2888XoGfnFQh_8PODErBnT74TqeZ9u6K85_m6ds4WQkuAhAvkkIJocfe-HzJ_C2vKa92nEkI1dYkgSjK8psQzzCfdc5yy-kcrGeU3fgPdqHle-P085iEMFz20_R4VMqO2NfQVKhNH6AFQxUbW3m_2ASnq9Xx5CFjJDkQ8plcP4O5H7_Lx2BW4nGkBGA9KvP3Dza97S0jNFMv8CmA" \ -H "Access-Token: b2077c5c020a5e262767aac63fdbc75fd64461afc660784fbc3451766f586bb4836e3405007c2caf497a1125ba58fb49be65b3c352285dea68328aded84e2f91" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Client-Id: 685" \ -X POST "https://your.connector.url/api/priora/v1/errors"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InJlcXVlc3QiOnsibWV0aG9kIjoiZGVsZXRlIiwidXJsIjoiaHR0cHM6Ly91c2VyLndpbGwuYmUvcmVkaXJlY3RlZC9oZXJlIiwiaGVhZGVycyI6e319LCJlcnJvciI6eyJlcnJvcl9tZXNzYWdlIjoic29tZXRoaW5nIHdlbnQgd3JvbmciLCJlcnJvcl9jbGFzcyI6IkludGVybmFsUHJvdmlkZXJFcnJvciJ9fSwiZXhwIjoxNzMyNDM2MTI4LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.QZjWupoGVD-sAFKYTNDzDYqYdlfWqmUhwzChZXNwLqoqUssQcHpgwYO8v2QaxTI2135CUJedwMndo-e2jQOjBVlo48D0dHTxdS9ktKaX873pqd2_LBnvedR_cjEa_gHeXPsHIZ2888XoGfnFQh_8PODErBnT74TqeZ9u6K85_m6ds4WQkuAhAvkkIJocfe-HzJ_C2vKa92nEkI1dYkgSjK8psQzzCfdc5yy-kcrGeU3fgPdqHle-P085iEMFz20_R4VMqO2NfQVKhNH6AFQxUbW3m_2ASnq9Xx5CFjJDkQ8plcP4O5H7_Lx2BW4nGkBGA9KvP3Dza97S0jNFMv8CmA" \ 
 -H "Access-Token: b2077c5c020a5e262767aac63fdbc75fd64461afc660784fbc3451766f586bb4836e3405007c2caf497a1125ba58fb49be65b3c352285dea68328aded84e2f91" \ 
 -H "Accept: application/json" \ 
 -H "Content-Type: application/json" \ 
 -H "Client-Id: 685" \ 
 -X POST "https://your.connector.url/api/priora/v1/errors"

Example of request parameters

{"data":{"request":{"method":"delete","url":"https://user.will.be/redirected/here","headers":{}},"error":{"error_message":"something went wrong","error_class":"InternalProviderError"}},"exp":1574093209}

Request

POST https://your.connector.url/api/priora/v1/errors

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`.
`Access-Token`	string, required	The token which is created by a connector as a result of successful authentication.
`Accept`	string, required	Media type that is acceptable for the response. Allowed values: application/json
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/json
`Client-Id`	integer, required	Client application identifier in Salt Edge PSD2 Compliance. Should be used to get public key for Authorization header validation.
`Consent-Id`	integer, optional	ID of the corresponding consent object as returned by an Account Information Consent Request.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

request

hash, required

Wrapper for the following data: url, method, headers.

method

string, required

Original method of the request. Allowed values: get, post, put, delete

url

url, required

Original url of the request.

headers

hash, required

Original headers of the request including Authorization header.

error

hash, required

Wrapper for the following data error_class, error_message.

error_class

string, required

Class of failure.

error_message

string, required

Conveys the reason of failure in human readable text.

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response headers

Header	Type	Description
`Retry-After`	integer, optional	Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.

Response

Upon successful request, 200 status code should be returned.

Salt Edge Endpoints

Sessions

Success

Success callback should be sent to Salt Edge PSD2 Compliance when all required verification steps have been passed, and therefore access is granted.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoiV3VSQ2p1Zlg5b1Z5eW12UFFRaV8iLCJiZW5lZmljaWFyeV9pZCI6IjQ5NCIsImlkZW50aWZpZXJzIjp7fX0sImV4cCI6MTczMjQzNjEyOSwiaXNzIjoicHJpb3JhLnNhbHRlZGdlLmNvbSJ9.RyWsHCD98UnDIesRU-INMOjKagwchfF5YzMgH0cHlXu5UHCmNb5SvDGl_i48r-J0_u_R3cyugeIYYLWwlu_kVRJa8j8wPvFPpuCXJqSagx-xE4uhcky2zi_IjJncl7IoRLTePMgImm8MIIVOuf-Isd8l5x8mlbrzoZpiE8f0IUNziD6NGQkxLI22Gwpt-o35DOaETAajssegOryNanKqrEN2eb3dXQGpixeBoTlkS88GUkgQ-1pyqkNoMW-r-LpgQDEJ_tGNpiQDnd45ciACngZVtm-UpQxqQ_Ca3FLcRYFE0HN2nkROIkDDKc2epd3wAZ-gLnR66ugpgtha-mb1yA" \ -H "App-Id: qjQYP-jCx-8FBsZSgNVzIw" \ -H "App-Secret: -XeeN2UhtdphUGtI-FZpzg" \ -X POST "/api/connectors/v1/sessions/success"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoiV3VSQ2p1Zlg5b1Z5eW12UFFRaV8iLCJiZW5lZmljaWFyeV9pZCI6IjQ5NCIsImlkZW50aWZpZXJzIjp7fX0sImV4cCI6MTczMjQzNjEyOSwiaXNzIjoicHJpb3JhLnNhbHRlZGdlLmNvbSJ9.RyWsHCD98UnDIesRU-INMOjKagwchfF5YzMgH0cHlXu5UHCmNb5SvDGl_i48r-J0_u_R3cyugeIYYLWwlu_kVRJa8j8wPvFPpuCXJqSagx-xE4uhcky2zi_IjJncl7IoRLTePMgImm8MIIVOuf-Isd8l5x8mlbrzoZpiE8f0IUNziD6NGQkxLI22Gwpt-o35DOaETAajssegOryNanKqrEN2eb3dXQGpixeBoTlkS88GUkgQ-1pyqkNoMW-r-LpgQDEJ_tGNpiQDnd45ciACngZVtm-UpQxqQ_Ca3FLcRYFE0HN2nkROIkDDKc2epd3wAZ-gLnR66ugpgtha-mb1yA" \ 
 -H "App-Id: qjQYP-jCx-8FBsZSgNVzIw" \ 
 -H "App-Secret: -XeeN2UhtdphUGtI-FZpzg" \ 
 -X POST "/api/connectors/v1/sessions/success"

Example of request parameters

Example of response

{"data":{},"meta":{"time":"2019-11-18T16:04:48.773Z"}}

Request

POST /api/connectors/v1/sessions/success

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`. Can raise: AuthorizationMissing
`App-Id`	string, required	Provider's `app_id` from connection details tab. Can raise: ProviderNotFound, ProviderDisabled, ConfigurationError
`App-Secret`	string, required	Provider's `app_secret` from connection details tab.

Unpacked Request Authorization

Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.

data

hash, optional

Wrapper for the data.

meta

hash, optional

Wrapper for the response metadata.

time

datetime, required

Time when the request was processed.

Related Errors

Class	Code	Description
SessionClosed	400	Session specified in request is already closed and cannot be modified.
ConfigurationError	400	Missing configurations in dashboard.
SessionExpired	401	Found session is expired and cannot be processed anymore.
AuthorizationMissing	401	Authorization header is missing.
SessionNotFound	404	Session specified in request does not exist or cannot be retrieved.
ProviderNotFound	404	Provider specified in request does not exist or cannot be retrieved.
ActionNotAllowed	406	You're not allowed to perform this action. This might be a configuration problem or parameters incompatibility.
ProviderDisabled	406	Cooperation with specified Provider is impossible.

Update

Update callback may be accessed multiple times in order to request multiple steps of authorization or to send other updates to Salt Edge PSD2 Compliance session.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoiSHMteGM4b3pBV0xrMXh0X3pUNHYiLCJzdGF0dXMiOiJyZWRpcmVjdCIsImV4dHJhIjp7InJlZGlyZWN0X3VybCI6Imh0dHBzOi8vdXNlci53aWxsLmJlL3JlZGlyZWN0ZWQvaGVyZSJ9LCJzZXNzaW9uX2V4cGlyZXNfYXQiOiIyMDIwLTAzLTA1VDE2OjQ0OjE5Ljk3N1oifSwiZXhwIjoxNzMyNDM2MTI5LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.oTDwWZSsDXZ4SzjtRnaFusxVx3icIxOfqJtDPo5dsL7Ki1RkgUglyb7I3MRs3TggWHZcb-rwaJGgwBU_dt7YRsvhCrgHfpfmCmmS_vPNBgzn2i9KDf7I9ao9SaiEJXW7xdWPQE0qV7M_h4eotyMBKT_KnuuoXM6dyyywQoVa9w-NrgKJ__RDFzCSXc3Nx24cjrLCqiXzHVroJChjpkjSGSckqQv6liHhOmHi4xcvV7ZNvzLZxZs_YPlNHn3nETLtAjPMYkD4Hw50sZ-guD7UZEXxGGiEjZ5TXHG2ZBWc1yzvRmvkKfOeWfx0kepDHqKNaDOJ6ndox81jzpILgMqV9w" \ -H "App-Id: q5QE7Dqlpm1d5weLS5pn7w" \ -H "App-Secret: y8imt1cgG8x2zmBMrF-oxw" \ -X POST "/api/connectors/v1/sessions/update"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoiSHMteGM4b3pBV0xrMXh0X3pUNHYiLCJzdGF0dXMiOiJyZWRpcmVjdCIsImV4dHJhIjp7InJlZGlyZWN0X3VybCI6Imh0dHBzOi8vdXNlci53aWxsLmJlL3JlZGlyZWN0ZWQvaGVyZSJ9LCJzZXNzaW9uX2V4cGlyZXNfYXQiOiIyMDIwLTAzLTA1VDE2OjQ0OjE5Ljk3N1oifSwiZXhwIjoxNzMyNDM2MTI5LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.oTDwWZSsDXZ4SzjtRnaFusxVx3icIxOfqJtDPo5dsL7Ki1RkgUglyb7I3MRs3TggWHZcb-rwaJGgwBU_dt7YRsvhCrgHfpfmCmmS_vPNBgzn2i9KDf7I9ao9SaiEJXW7xdWPQE0qV7M_h4eotyMBKT_KnuuoXM6dyyywQoVa9w-NrgKJ__RDFzCSXc3Nx24cjrLCqiXzHVroJChjpkjSGSckqQv6liHhOmHi4xcvV7ZNvzLZxZs_YPlNHn3nETLtAjPMYkD4Hw50sZ-guD7UZEXxGGiEjZ5TXHG2ZBWc1yzvRmvkKfOeWfx0kepDHqKNaDOJ6ndox81jzpILgMqV9w" \ 
 -H "App-Id: q5QE7Dqlpm1d5weLS5pn7w" \ 
 -H "App-Secret: y8imt1cgG8x2zmBMrF-oxw" \ 
 -X POST "/api/connectors/v1/sessions/update"

Example of request parameters

Example of response

{"data":{},"meta":{"time":"2019-11-18T16:04:48.853Z"}}

Request

POST /api/connectors/v1/sessions/update

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`. Can raise: AuthorizationMissing
`App-Id`	string, required	Provider's `app_id` from connection details tab. Can raise: ProviderNotFound, ProviderDisabled, ConfigurationError
`App-Secret`	string, required	Provider's `app_secret` from connection details tab.

Unpacked Request Authorization

Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.

data

hash, optional

Wrapper for the data.

meta

hash, optional

Wrapper for the response metadata.

time

datetime, required

Time when the request was processed.

Related Errors

Class	Code	Description
SessionClosed	400	Session specified in request is already closed and cannot be modified.
ConfigurationError	400	Missing configurations in dashboard.
SessionExpired	401	Found session is expired and cannot be processed anymore.
AuthorizationMissing	401	Authorization header is missing.
SessionNotFound	404	Session specified in request does not exist or cannot be retrieved.
ProviderNotFound	404	Provider specified in request does not exist or cannot be retrieved.
ActionNotAllowed	406	You're not allowed to perform this action. This might be a configuration problem or parameters incompatibility.
ProviderDisabled	406	Cooperation with specified Provider is impossible.

Fail

Fail callback should be used when authorization process has been compromised for any reason: broken request, invalid credentials, etc.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoiM1BRaXB1RFBvV3BhMTFGY1ZFVjYiLCJlcnJvcl9jbGFzcyI6IkludGVybmFsUHJvdmlkZXJFcnJvciIsImVycm9yX21lc3NhZ2UiOiJJbnRlcm5hbCBlcnJvciIsImV4dHJhIjp7fX0sImV4cCI6MTczMjQzNjEzMCwiaXNzIjoicHJpb3JhLnNhbHRlZGdlLmNvbSJ9.j-gLZgqXzJycGFsHY_iNehGRosu4Up9dIdzCQb145-pCO2dz43E-Co_KiE-bUfcxrwtcFCxQxUXghDzI2esdtmb6NzIVR8aEKUPQKfGwiMdZYUaVfbFMblIAcv6gkjRhuC74KQrlyjo3pyQuVskHFzBDaprb4-aExpe575uTkrpSKzMR_NFm9QYh29k3EyBWzYB1I-I0J6Fg4wGEW-EA-VJ-t6V-lyXzkiuBR_86Q7PJ3q8IFMVW0P4nmgwsP0iolfnztacogL_dgK0GL8_ktODT8ozqaCOUxj9tw5Z8cV7Gmh-XFpylojDttR6KqLbLCaVxKrZZpt3hWBAd9DC_RQ" \ -H "App-Id: xU7SyhPrd95GAPSMNo_XMQ" \ -H "App-Secret: BVSkESo7zpRdzk_hWUUwCQ" \ -X POST "/api/connectors/v1/sessions/fail"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InNlc3Npb25fc2VjcmV0IjoiM1BRaXB1RFBvV3BhMTFGY1ZFVjYiLCJlcnJvcl9jbGFzcyI6IkludGVybmFsUHJvdmlkZXJFcnJvciIsImVycm9yX21lc3NhZ2UiOiJJbnRlcm5hbCBlcnJvciIsImV4dHJhIjp7fX0sImV4cCI6MTczMjQzNjEzMCwiaXNzIjoicHJpb3JhLnNhbHRlZGdlLmNvbSJ9.j-gLZgqXzJycGFsHY_iNehGRosu4Up9dIdzCQb145-pCO2dz43E-Co_KiE-bUfcxrwtcFCxQxUXghDzI2esdtmb6NzIVR8aEKUPQKfGwiMdZYUaVfbFMblIAcv6gkjRhuC74KQrlyjo3pyQuVskHFzBDaprb4-aExpe575uTkrpSKzMR_NFm9QYh29k3EyBWzYB1I-I0J6Fg4wGEW-EA-VJ-t6V-lyXzkiuBR_86Q7PJ3q8IFMVW0P4nmgwsP0iolfnztacogL_dgK0GL8_ktODT8ozqaCOUxj9tw5Z8cV7Gmh-XFpylojDttR6KqLbLCaVxKrZZpt3hWBAd9DC_RQ" \ 
 -H "App-Id: xU7SyhPrd95GAPSMNo_XMQ" \ 
 -H "App-Secret: BVSkESo7zpRdzk_hWUUwCQ" \ 
 -X POST "/api/connectors/v1/sessions/fail"

Example of request parameters

{"data":{"session_secret":"3PQipuDPoWpa11FcVEV6","error_class":"InternalProviderError","error_message":"Internal error","extra":{}},"exp":1574093208}

Example of response

{"data":{},"meta":{"time":"2019-11-18T16:04:48.710Z"}}

Request

POST /api/connectors/v1/sessions/fail

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`. Can raise: AuthorizationMissing
`App-Id`	string, required	Provider's `app_id` from connection details tab. Can raise: ProviderNotFound, ProviderDisabled, ConfigurationError
`App-Secret`	string, required	Provider's `app_secret` from connection details tab.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

session_secret

string, required

Session identifier in Salt Edge PSD2 Compliance. Can raise: SessionNotFound, SessionClosed, SessionExpired, ActionNotAllowed

error_class

string, optional

Class of failure. Default value: InternalProviderError

error_message

string, optional

Conveys the reason of failure in human readable text. Default value: Internal error

extra

hash, optional

Extra details that should persist in the session. Default value: {}

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.

data

hash, optional

Wrapper for the data.

meta

hash, optional

Wrapper for the response metadata.

time

datetime, required

Time when the request was processed.

Related Errors

Class	Code	Description
SessionClosed	400	Session specified in request is already closed and cannot be modified.
ConfigurationError	400	Missing configurations in dashboard.
SessionExpired	401	Found session is expired and cannot be processed anymore.
AuthorizationMissing	401	Authorization header is missing.
SessionNotFound	404	Session specified in request does not exist or cannot be retrieved.
ProviderNotFound	404	Provider specified in request does not exist or cannot be retrieved.
ActionNotAllowed	406	You're not allowed to perform this action. This might be a configuration problem or parameters incompatibility.
ProviderDisabled	406	Cooperation with specified Provider is impossible.

Tokens

Index

Returns the list of access tokens issued by Provider for Salt Edge PSD2 Compliance Solution.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImtpbmQiOiJyZXZva2VkIiwiZnJvbV9pZCI6MzAyLCJmcm9tX2RhdGUiOiIyMDE5LTA4LTIwVDE2OjA0OjQ5LjAyMVoiLCJwZXJfcGFnZSI6NTAsImN1c3RvbWVyX2lkIjo4MjF9LCJleHAiOjE3MzI0MzYxMzAsImlzcyI6InByaW9yYS5zYWx0ZWRnZS5jb20ifQ.IbMG3sug6SIojIxs2kVdDHvWFlBGjled0NZFAhxaUJFr2EtN6ZEeN_FTJ5GfPzGB4nuHTr9qI7oUZcuvGp8KKdMRJbqKB4Wog0zfFzbwclwfa19uL01hsFVOqrZlcnYyfwTiW6e_V0Urff9cNVi9ERt9EoDqs_6IaMb0IgFBOMCTnoqvmzuzmee260W2p_O5hM_RmDWRNKFlP4WxXVS0g9_UBS64anyRX3uaMrO6XqUxPNB4IoT0-QZXW5RR04qy9QT_hU3tKH2_6SLuAen_IPaJzXn9wZN0RcZrFip_ROvmTvMT3H3ExS04Av5SZMrCjjX3RQC2BEoyEcnsSmnfJQ" \ -H "App-Id: G9SgwyF-RdxsjCu3f3mLnw" \ -H "App-Secret: Az6qAhT6pdezVjAex58qqQ" \ -X GET "/api/connectors/v1/tokens/index"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImtpbmQiOiJyZXZva2VkIiwiZnJvbV9pZCI6MzAyLCJmcm9tX2RhdGUiOiIyMDE5LTA4LTIwVDE2OjA0OjQ5LjAyMVoiLCJwZXJfcGFnZSI6NTAsImN1c3RvbWVyX2lkIjo4MjF9LCJleHAiOjE3MzI0MzYxMzAsImlzcyI6InByaW9yYS5zYWx0ZWRnZS5jb20ifQ.IbMG3sug6SIojIxs2kVdDHvWFlBGjled0NZFAhxaUJFr2EtN6ZEeN_FTJ5GfPzGB4nuHTr9qI7oUZcuvGp8KKdMRJbqKB4Wog0zfFzbwclwfa19uL01hsFVOqrZlcnYyfwTiW6e_V0Urff9cNVi9ERt9EoDqs_6IaMb0IgFBOMCTnoqvmzuzmee260W2p_O5hM_RmDWRNKFlP4WxXVS0g9_UBS64anyRX3uaMrO6XqUxPNB4IoT0-QZXW5RR04qy9QT_hU3tKH2_6SLuAen_IPaJzXn9wZN0RcZrFip_ROvmTvMT3H3ExS04Av5SZMrCjjX3RQC2BEoyEcnsSmnfJQ" \ 
 -H "App-Id: G9SgwyF-RdxsjCu3f3mLnw" \ 
 -H "App-Secret: Az6qAhT6pdezVjAex58qqQ" \ 
 -X GET "/api/connectors/v1/tokens/index"

Example of request parameters

{"data":{"kind":"revoked","from_id":302,"from_date":"2019-08-20T16:04:49.021Z","per_page":50,"customer_id":821},"exp":1574093209}

Example of response

{"meta":{"next_id":303,"time":"2019-11-18T16:04:49.001Z"},"data":{"tokens":[]}}

Request

GET /api/connectors/v1/tokens/index

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`. Can raise: AuthorizationMissing
`App-Id`	string, required	Provider's `app_id` from connection details tab. Can raise: ProviderNotFound, ProviderDisabled, ConfigurationError
`App-Secret`	string, required	Provider's `app_secret` from connection details tab.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

customer_id

integer, optional

PSU identifier on Salt Edge PSD2 Compliance side. Can raise: CustomerNotFound

kind

string, optional

Kind of token. Allowed values: active, recent, revoked

from_id

integer, optional

Return tokens starting with a specific id. Values greater than: 0

from_date

datetime, optional

Token from date. Default value: 90 days ago

per_page

integer, optional

Number of tokens that should be returned per request or less. Values in range between: 1 and 1000 Default value: 20

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.

data

array, required

List of tokens issued by Salt Edge PSD2 Compliance Solution.

integer, required

ID of the token on Salt Edge PSD2 Compliance side.

priora_customer_id

integer, required

Customer ID on Salt Edge PSD2 Compliance side.

scopes

array, required

Set of permissions for access token.

status

string, required

Conveys current status of the operation.

token

string, required

Access token that will be used to access ASPSP data.

extra

hash, required

Extra details that should persist in the session.

token_expires_at

datetime, required

Token expiry date.

provider_code

string, required

Human readable Provider identifier.

created_at

datetime, required

Datetime of token creation on Salt Edge PSD2 Compliance side.

updated_at

datetime, required

Datetime of last token update on Salt Edge PSD2 Compliance side.

meta

hash, required

Wrapper for the response metadata.

time

datetime, required

Time when the request was processed.

next_id

integer, optional

Id of the next entity used in paginated responses.

Related Errors

Class	Code	Description
ConfigurationError	400	Missing configurations in dashboard.
AuthorizationMissing	401	Authorization header is missing.
CustomerNotFound	404	PSU specified in request does not exist or cannot be retrieved.
ProviderNotFound	404	Provider specified in request does not exist or cannot be retrieved.
ProviderDisabled	406	Cooperation with specified Provider is impossible.

Revoke

Revoke callback needs to be called any time a token is revoked on the Provider Connector side.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNzMyNDM2MTMwLCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.BNBzwX8OMA2D6ZW2kFKGUzge7Vnj10tJjHZFdal458qU91fsXW-ITdo63bcPC6PLZldrptvGnPZIWzoWh9JTbZVHFUvuSxwm3Yza8Unk-sQFY-eqF9OdK_ZPfP4xkU5dZAOCAeIXjv53SokRJtsCNwcQnEwdvsdFKsDweavnqb5wdL2sUcf9Tyc_gDDwEk2gMAU7xdj3_HlfmFIKUo6pHtTrluKID89XmpbDk3LXthdinqgxVQh9uolGKchJnClULIAqMMWVr-KfDEkb8a3HIYFSrT8JklypYZl_vlJn1qNXCaSbfTSRcHnPmnRM-0rlquNvRxjS8e8FY0V4yET2Kw" \ -H "App-Id: cfOK5P9RVooLksNv8il3rw" \ -H "App-Secret: rwkTbW41SPT55uo1I_-UGQ" \ -H "Token: example_Token" \ -X DELETE "/api/connectors/v1/tokens/revoke"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNzMyNDM2MTMwLCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.BNBzwX8OMA2D6ZW2kFKGUzge7Vnj10tJjHZFdal458qU91fsXW-ITdo63bcPC6PLZldrptvGnPZIWzoWh9JTbZVHFUvuSxwm3Yza8Unk-sQFY-eqF9OdK_ZPfP4xkU5dZAOCAeIXjv53SokRJtsCNwcQnEwdvsdFKsDweavnqb5wdL2sUcf9Tyc_gDDwEk2gMAU7xdj3_HlfmFIKUo6pHtTrluKID89XmpbDk3LXthdinqgxVQh9uolGKchJnClULIAqMMWVr-KfDEkb8a3HIYFSrT8JklypYZl_vlJn1qNXCaSbfTSRcHnPmnRM-0rlquNvRxjS8e8FY0V4yET2Kw" \ 
 -H "App-Id: cfOK5P9RVooLksNv8il3rw" \ 
 -H "App-Secret: rwkTbW41SPT55uo1I_-UGQ" \ 
 -H "Token: example_Token" \ 
 -X DELETE "/api/connectors/v1/tokens/revoke"

Example of request parameters

{"data":{},"exp":1574093208}

Example of response

{"data":{"revoked":true},"meta":{"time":"2019-11-18T16:04:48.928Z"}}

Request

DELETE /api/connectors/v1/tokens/revoke

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`. Can raise: AuthorizationMissing
`App-Id`	string, required	Provider's `app_id` from connection details tab. Can raise: ProviderNotFound, ProviderDisabled, ConfigurationError
`App-Secret`	string, required	Provider's `app_secret` from connection details tab.
`Token`	string, required	Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.

data

hash, optional

Wrapper for the data.

revoked

boolean, required

Result of operation which tells whether the token was revoked or not.

meta

hash, optional

Wrapper for the response metadata.

time

datetime, required

Time when the request was processed.

Related Errors

Class	Code	Description
ConfigurationError	400	Missing configurations in dashboard.
TokenMissing	400	This request cannot be performed without `TOKEN` header.
AuthorizationMissing	401	Authorization header is missing.
TokenNotFound	401	Token specified in request does not exist or cannot be retrieved.
TokenRevoked	401	Token specified in request is revoked and cannot be used anymore.
TokenExpired	401	Token specified in request is expired and cannot be used.
ProviderNotFound	404	Provider specified in request does not exist or cannot be retrieved.
ProviderDisabled	406	Cooperation with specified Provider is impossible.

Clients

Info

All requests that are forwarded by Salt Edge PSD2 Compliance Solution are signed by TPP applications. Provider can decide whether to decode the original request by itself or use decoded payload by Salt Edge PSD2 Compliance Solution which is stored in client_payload key. In order to decode the client_jwt, Connector has to perform the following request to obtain TPP's public key. The client_id is present in Client-Id header along with Authorization header.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNsaWVudF9pZCI6NTE3fSwiZXhwIjoxNzMyNDM2MTMxLCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.Z9R2UF2GjbwORXoSKPdEZvE3TF0qn7eDhrgf_QROLvdTEbGBNU-m6wrJhRhQ5NodrWXDN8gp8wgr8rN7doy52CTWYIL3y9CnGH0F8FwcN24TsuUO13zSizn-FGA34rybmBB2afDQ-LTauN3_5sZuT460a6-DSjDKRRRGkmpAvUhzo8b-2c0m2hRFhnmESvxXw9aF8uzmxwWrjOSl_S30NphxpmEEL_5oYPDDNxQk3XQpDdUZ5KJWMfdRJDOXpZy_K0qMAuQjHMnF6Ki8Z-I1HYZWTvy79CP-T5YDci_v1-U05ZE40z0imUY578C2tSE6oPZXp5APMoXVeGupNyZfkQ" \ -H "App-Id: hAnmNmGFFBN3W_jNWJd_fQ" \ -H "App-Secret: h6rzA_lw2wVuCpDaBKlxAA" \ -X GET "/api/connectors/v1/clients/info"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNsaWVudF9pZCI6NTE3fSwiZXhwIjoxNzMyNDM2MTMxLCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.Z9R2UF2GjbwORXoSKPdEZvE3TF0qn7eDhrgf_QROLvdTEbGBNU-m6wrJhRhQ5NodrWXDN8gp8wgr8rN7doy52CTWYIL3y9CnGH0F8FwcN24TsuUO13zSizn-FGA34rybmBB2afDQ-LTauN3_5sZuT460a6-DSjDKRRRGkmpAvUhzo8b-2c0m2hRFhnmESvxXw9aF8uzmxwWrjOSl_S30NphxpmEEL_5oYPDDNxQk3XQpDdUZ5KJWMfdRJDOXpZy_K0qMAuQjHMnF6Ki8Z-I1HYZWTvy79CP-T5YDci_v1-U05ZE40z0imUY578C2tSE6oPZXp5APMoXVeGupNyZfkQ" \ 
 -H "App-Id: hAnmNmGFFBN3W_jNWJd_fQ" \ 
 -H "App-Secret: h6rzA_lw2wVuCpDaBKlxAA" \ 
 -X GET "/api/connectors/v1/clients/info"

Example of request parameters

{"data":{"client_id":517},"exp":1574093208}

Example of response

{"data":{"name":"Fentury","scopes":["accounts","transactions","kyc"],"public_key":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0\nFPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/\n3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB\n-----END PUBLIC KEY-----"},"meta":{"time":"2019-11-18T16:04:48.271Z"}}

Request

GET /api/connectors/v1/clients/info

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`. Can raise: AuthorizationMissing
`App-Id`	string, required	Provider's `app_id` from connection details tab. Can raise: ProviderNotFound, ProviderDisabled, ConfigurationError
`App-Secret`	string, required	Provider's `app_secret` from connection details tab.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

client_id

integer, required

Client application identifier.

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.

data

hash, optional

Wrapper for the data.

name

string, required

Name of TPP registered in Salt Edge PSD2 Compliance Solution.

scopes

array, required

Available permissions for TPP.

public_key

string, required

Public key of TPP extacted form him eIDAS cerfiticate. Used to decode the ‘client_jwt’ from ‘original_request’ attribute.

meta

hash, optional

Wrapper for the response metadata.

time

datetime, required

Time when the request was processed.

Related Errors

Class	Code	Description
ConfigurationError	400	Missing configurations in dashboard.
AuthorizationMissing	401	Authorization header is missing.
ProviderNotFound	404	Provider specified in request does not exist or cannot be retrieved.
ProviderDisabled	406	Cooperation with specified Provider is impossible.