These endpoints are responsible for implementing authentication and authorization of PSU. Process of token creation starts once PSU grants his consent to TPP. At the end of authorization, Connector should issue an access_token which can be used for furhter actions. You can find below sequence diagrams represeting oauth authorization flow.
BG OAuth Authentication Flow
Create
Create an access token with a set of access rights, named scopes. As a result, Connector should send an success, update or fail callback to Salt Edge PSD2 Compliance with the result of the operation, be it a success, fail or request for additional steps.
JSON Web Token containing payload, signed using RSA256 and application.private_key.
Accept
string, required
Media type that is acceptable for the response.
Allowed values:
application/json
Content-Type
string, required
The media type of the body of the request.
Allowed values:
application/json
Client-Id
integer, required
TPP application identifier in Salt Edge PSD2 Compliance.
Consent-Id
integer, optional
ID of the corresponding consent object.
Psu-Device-ID
string, optional
UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.
Psu-User-Agent
string, optional
The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
Psu-Geo-Location
string, optional
The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available.
Psu-Corporate-ID
string, optional
PSU corporate identifier (optional).
Unpacked Request Authorization
data
hash, required
Wrapper for the data.
authorization_type
string, required
Specifies authorization type that was used for token creation.
app_name
string, required
TPP application name.
provider_code
string, required
Human readable Provider identifier.
recurring_indicator
boolean, required
The value is true if the consent is for recurring access and false if the consent is for one-time access to the account information data.
valid_until
date, required
This parameter is requesting a valid until date for the requested consent. The dedicated interface supports the SCA exemption under the Article 10a of RTS on SCA. To avail of the 180-day SCA exemption, the newly created consents should contain the date value up to 180 days in future. The content is the local ASPSP date in ISODate Format, e.g. 2022-10-30
Values greater than:
2024-11-25
redirect_url
url, required
The URL that the PSU will be redirected to after he finishes the authentication process on provider’s side.
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
frequency_per_day
integer, optional
This field indicates the requested maximum frequency for access per day.
access
hash, optional
Requested access to services.
allPsd2
string, required
Only the value "allAccounts" is admitted.
Allowed values:
allAccounts
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
authorization_type
string, required
Specifies authorization type that was used for token creation.
app_name
string, required
TPP application name.
provider_code
string, required
Human readable Provider identifier.
recurring_indicator
boolean, required
The value is true if the consent is for recurring access and false if the consent is for one-time access to the account information data.
valid_until
date, required
This parameter is requesting a valid until date for the requested consent. The dedicated interface supports the SCA exemption under the Article 10a of RTS on SCA. To avail of the 180-day SCA exemption, the newly created consents should contain the date value up to 180 days in future. The content is the local ASPSP date in ISODate Format, e.g. 2022-10-30
Values greater than:
2024-11-25
redirect_url
url, required
The URL that the PSU will be redirected to after he finishes the authentication process on provider’s side.
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
frequency_per_day
integer, optional
This field indicates the requested maximum frequency for access per day.
access
hash, required
Requested access to services.
balances
array, required
Is asking for balances of the addressed accounts. If the array is empty, the TPP is asking for the balances of all accessible account lists. This may be restricted in a PSU/ASPSP authorization dialogue. If the array is empty, also the array for transactions shall be empty, if used.
Default value:
[]
transactions
array, required
Is asking for transactions of the addressed accounts. If the array is empty, the TPP is asking for the transactions of all accessible account lists. This may be restricted in a PSU/ASPSP authorization dialogue. If the array is empty, also the array for balances shall be empty, if used.
Default value:
[]
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
Response headers
Header
Type
Description
Retry-After
integer, optional
Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response
Upon successful request, 200 status code should be returned.
data
hash, optional
Wrapper for the data.
session_expires_at
datetime, optional
Session expiry time.
Default value:
5 minutes from now
redirect_url
url, required
The URL on which PSU should be redirected by TPP in order to perform authentication.
extra
hash, optional
Any additional information relevant to a payment.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
status
string, optional
Conveys current status of the operation.
Allowed values:
accepted, received, valid, partiallyAuthorised, rejected, revokedByPsu, expired, terminatedByTpp, redirect
Revoke
Revoke an already existing and active access token.
JSON Web Token containing payload, signed using RSA256 and application.private_key.
Access-Token
string, required
The token which is created by a connector as a result of successful authentication.
Accept
string, required
Media type that is acceptable for the response.
Allowed values:
application/json
Content-Type
string, required
The media type of the body of the request.
Allowed values:
application/json
Client-Id
integer, required
TPP application identifier in Salt Edge PSD2 Compliance.
Consent-Id
integer, optional
ID of the corresponding consent object.
Psu-Device-ID
string, optional
UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.
Psu-User-Agent
string, optional
The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
Psu-Geo-Location
string, optional
The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available.
Unpacked Request Authorization
data
hash, required
Wrapper for the data.
provider_code
string, required
Human readable Provider identifier.
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
Response headers
Header
Type
Description
Retry-After
integer, optional
Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response
Upon successful request, 200 status code with an empty JSON "{}" should be returned.
×
AIS
This endpoint is responsible for refreshing account information on connector side.
Refresh
In case the connector uses a different database from Core Banking, this endpoint enables the process of refreshing accounts and transactions on connector side before sending them to Salt Edge PSD2 Compliance Solution.
JSON Web Token containing payload, signed using RSA256 and application.private_key.
Access-Token
string, required
The token which is created by a connector as a result of successful authentication.
Accept
string, required
Media type that is acceptable for the response.
Allowed values:
application/json
Content-Type
string, required
The media type of the body of the request.
Allowed values:
application/json
Client-Id
integer, required
TPP application identifier in Salt Edge PSD2 Compliance.
Consent-Id
integer, optional
ID of the corresponding consent object.
Psu-Device-ID
string, optional
UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.
Psu-User-Agent
string, optional
The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
Psu-Geo-Location
string, optional
The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available.
Unpacked Request Authorization
data
hash, required
Wrapper for the data.
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
provider_code
string, required
Human readable Provider identifier.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
Response headers
Header
Type
Description
Retry-After
integer, optional
Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response
Upon successful request, 200 status code with an empty JSON "{}" should be returned.
×
Accounts
Account Information Endpoints are responsible for the access to account identification data, account balances and account transactions history.
Get
Fetch list of accounts belonging to a PSU and all relevant information about them.
JSON Web Token containing payload, signed using RSA256 and application.private_key.
Access-Token
string, required
The token which is created by a connector as a result of successful authentication.
Accept
string, required
Media type that is acceptable for the response.
Allowed values:
application/json
Content-Type
string, required
The media type of the body of the request.
Allowed values:
application/json
Client-Id
integer, required
TPP application identifier in Salt Edge PSD2 Compliance.
Consent-Id
integer, optional
ID of the corresponding consent object.
Psu-Device-ID
string, optional
UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.
Psu-User-Agent
string, optional
The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
Psu-Geo-Location
string, optional
The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available.
Unpacked Request Authorization
data
hash, required
Wrapper for the data.
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
Response headers
Header
Type
Description
Retry-After
integer, optional
Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response
Upon successful request, 200 status code should be returned.
data
array, required
Wrapper for the data.
Can raise:
RequestFormatInvalid
id
string, required
Account identifier on Connector.
name
string, required
Human readable account name.
iban
string, optional
International Bank Account Number
extra
hash, optional
Any additional information relevant to the account.
Default value:
{}
currency
string, required
Account currency code from ISO 4217.
Can raise:
ResourceUnknown
cash_account_type
string, required
ExternalCashAccountType1Code from ISO 20022.
Allowed values:
CACC, CASH, CISH, COMM, CPAC, LLSV, LOAN, MGLD, MOMA, NREX, ODFT, ONDP, OTHR, SACC, SLRY, SVGS, TAXE, TRAN, TRAS
sort_code
string, optional
Bank codes used in British and Irish banking systems.
product
string, optional
Product Name of the Bank for this account, proprietary definition.
bban
string, optional
Basic Bank Account Number
bic
string, optional
Bank Identifier Code
msisdn
string, optional
A number uniquely identifying a subscription in a Global System for Mobile communications or a Universal Mobile Telecommunications System mobile network.
Name of the legal account owner. If there is more than one owner, then e.g. two names might be noted here. For a corporate account, the corporate name is used for this attribute.
bank_account_identifier
string, optional
Internal bank account identifier.
balances
array, optional
Wrapper for balances.
type
string, required
Name values of ExternalBalanceType1code from ISO 20022.
Allowed values:
closingBooked, expected, openingBooked, interimAvailable, forwardAvailable, interimBooked, openingAvailable, previouslyClosedBooked, closingAvailable, information
currency
string, required
Currency code of balance from ISO 4217.
Can raise:
ResourceUnknown
amount
string, required
Amount of balance.
credit_limit_included
boolean, optional
A flag indicating if the credit limit of the corresponding account is included in the calculation of the balance, where applicable.
last_change_date_time
datetime, optional
Balance last change time in ISO 8601 format.
reference_date
date, optional
Reference date of the balance.
last_committed_transaction
string, optional
EntryReference of the last committed transaction to support the TPP in identifying whether all PSU transactions are already known.
Transactions
This endpoint is responsible for fetching transactions which belong to requested account.
{"data":[{"id":"214","amount":"144","currency":"USD","status":"booked","creditor_details":{"name":"John Smith","account":{"iban":"FK54RAND61068428514573","bban":"4210 3213 3211","currency":"USD","masked_pan":"************3241","msisdn":"447912345678"}},"debtor_details":{"name":"Franklin Smith","account":{"iban":"FK54RAND610684285145421","bban":"4210 3213 3212","currency":"USD","masked_pan":"************3241","msisdn":"447912345314"}},"remittance_information":{"structured":"Example of remittance information structured","unstructured":"Example of remittance information unstructured"},"currency_exchange":[{"contract_identification":"Example of contract identification","exchange_rate":"0.12","quotation_date":"2019-12-13","source_currency":"USD","target_currency":"USD","unit_currency":"USD"}],"extra":{"check_id":"41412","mandate_id":"512314251","bank_transaction_code":"GGN5151MGM415","entry_reference":"Example of entry reference","purpose_code":"Example of purpose code","proprietary_bank_transaction_code":"Example of proprietary bank transaction code","additional_information":"Example of additional information","ultimate_creditor":"Example of ultimate creditor","ultimate_debtor":"Example of ultimate debtor"},"value_date":"2019-08-11","booking_date":"2019-08-12"}],"meta":{"next_id":"151"}}
{"data":[{"id":"214","amount":"144","currency":"USD","status":"booked","creditor_details":{"name":"John Smith","account":{"iban":"FK54RAND61068428514573","bban":"4210 3213 3211","currency":"USD","masked_pan":"************3241","msisdn":"447912345678"}},"debtor_details":{"name":"Franklin Smith","account":{"iban":"FK54RAND610684285145421","bban":"4210 3213 3212","currency":"USD","masked_pan":"************3241","msisdn":"447912345314"}},"remittance_information":{"structured":"Example of remittance information structured","unstructured":"Example of remittance information unstructured"},"currency_exchange":[{"contract_identification":"Example of contract identification","exchange_rate":"0.12","quotation_date":"2019-12-13","source_currency":"USD","target_currency":"USD","unit_currency":"USD"}],"extra":{"check_id":"41412","mandate_id":"512314251","bank_transaction_code":"GGN5151MGM415","entry_reference":"Example of entry reference","purpose_code":"Example of purpose code","proprietary_bank_transaction_code":"Example of proprietary bank transaction code","additional_information":"Example of additional information","ultimate_creditor":"Example of ultimate creditor","ultimate_debtor":"Example of ultimate debtor"},"value_date":"2019-08-11","booking_date":"2019-08-12"}],"meta":{"next_id":"151"}}
JSON Web Token containing payload, signed using RSA256 and application.private_key.
Access-Token
string, required
The token which is created by a connector as a result of successful authentication.
Accept
string, required
Media type that is acceptable for the response.
Allowed values:
application/json
Content-Type
string, required
The media type of the body of the request.
Allowed values:
application/json
Client-Id
integer, required
TPP application identifier in Salt Edge PSD2 Compliance.
Consent-Id
integer, optional
ID of the corresponding consent object.
Psu-Device-ID
string, optional
UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.
Psu-User-Agent
string, optional
The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
Psu-Geo-Location
string, optional
The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available.
Unpacked Request Authorization
data
hash, required
Wrapper for the data.
account_id
string, required
Account ID.
from_date
date, required
Specifies the starting date in ISO 8601: “yyyy-mm-dd” format, from which transactions should be fetched. This value will be set to 90 days ago by default.
Default value:
90 days ago.
to_date
date, required
Specifies the ending date in ISO 8601: “yyyy-mm-dd” format, to which transactions should be fetched. This value will always be the today’s date by default.
Default value:
Today.
from_id
string, optional
Return transactions starting with a specific id.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
Response headers
Header
Type
Description
Retry-After
integer, optional
Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response
Upon successful request, 200 status code should be returned.
data
array, required
Wrapper for the data.
id
string, required
Unique transaction identifier on Connector side.
amount
string, required
Transaction amount. Negative amounts are signed by minus.
status
string, required
Conveys current status of the operation.
Allowed values:
booked, pending
currency
string, required
Account currency code from ISO 4217.
Can raise:
ResourceUnknown
end_to_end_id
string, optional
Unique end to end identity.
creditor_details
hash, optional
Wrapper for creditor details.
Default value:
{}
name
string, optional
Name of the creditor for a "Debited" transaction.
account
hash, optional
Wrapper of creditor's account data.
Default value:
{}
iban
string, optional
International Bank Account Number
bban
string, optional
Basic Bank Account Number
currency
string, optional
Account currency code from ISO 4217.
masked_pan
string, optional
Primary Account Number (PAN) of a card in a masked form.
msisdn
string, optional
A number uniquely identifying a subscription in a Global System for Mobile communications or a Universal Mobile Telecommunications System mobile network.
sort_code
string, optional
Bank codes used in British and Irish banking systems.
debtor_details
hash, optional
Wrapper for debtor details.
Default value:
{}
name
string, optional
Name of the debtor for a "Credited" transaction.
account
hash, optional
Wrapper of debtor's account data.
Default value:
{}
iban
string, optional
International Bank Account Number
bban
string, optional
Basic Bank Account Number
currency
string, optional
Account currency code from ISO 4217.
masked_pan
string, optional
Primary Account Number (PAN) of a card in a masked form.
msisdn
string, optional
A number uniquely identifying a subscription in a Global System for Mobile communications or a Universal Mobile Telecommunications System mobile network.
sort_code
string, optional
Bank codes used in British and Irish banking systems.
remittance_information
hash, optional
Reference as contained in the unstructured and structured remittance reference structure.
Default value:
{}
structured
string, optional
Reference as contained in the structured remittance reference structure (without the surrounding XML structure).
unstructured
string, optional
Reference as contained in the unstructured remittance reference structure.
currency_exchange
array, optional
Original currency exchange contracts.
Default value:
[]
contract_identification
string, optional
Identification code of exchange operation.
exchange_rate
string, optional
For card accounts, only one exchange rate is used.
quotation_date
date, optional
Placed date on a quotation for products or services after which the quoted price is no longer enforceable.
source_currency
string, optional
ISO 4217 currency from which an amount is to be converted in a currency conversion.
target_currency
string, optional
ISO 4217 currency into which an amount is to be converted in a currency conversion.
unit_currency
string, optional
The value of two currencies relative to each other.
extra
hash, optional
Any additional information relevant to a payment.
Default value:
{}
check_id
string, optional
Identification of a Cheque.
mandate_id
string, optional
Identification of Mandates, e.g. a SEPA Mandate ID.
bank_transaction_code
string, optional
Bank transaction code as used by the ASPSP and using the sub-elements of this structured code defined by ISO20022.
entry_reference
string, optional
Is the identification of the transaction as used e.g. for reference for deltafunction on application level. The same identification as for example used within camt.05x messages.
purpose_code
string, optional
ExternalPurpose1Code from ISO 20022.
proprietary_bank_transaction_code
string, optional
Proprietary bank transaction code as used within a community or within an ASPSP e.g. for MT94x based transaction reports.
additional_information
string, optional
Additional details given for the related transaction.
ultimate_creditor
string, optional
The ultimate party to which an amount of money is due. The ultimate creditor could be the same as creditor or it could be different, such as the seller.
creditor_id
string, optional
Identification of Creditors, e.g. a SEPA Creditor ID.
ultimate_debtor
string, optional
The ultimate party that owes an amount of money to the (ultimate) creditor, such as the buyer of services or goods.
debtor_id
string, optional
Debtor ID.
original_amount
hash, optional
Original amount of the transaction at the Point of Interaction in original currency.
currency
string, optional
Account currency code from ISO 4217.
amount
string, optional
Original amount of the transaction at the Point of Interaction in original currency. Negative amounts must be signed by minus.
ultimate_creditor_id
string, optional
Ultimate Creditor ID.
ultimate_debtor_id
string, optional
Ultimate Debtor ID.
transaction_timestamp
datetime, optional
Execution datetime of the record.
icelandic_purpose
hash, optional
Standardised definition of transaction used in the Iceland market to define the purpose of the transaction.
Default value:
{}
code
string, optional
Describes purpose of the transaction using Icelandic text keys.
description
string, optional
Text description of the transaction purpose.
category
string, optional
Transaction category.
transaction_type
string, optional
Transaction type.
purpose_code
string, optional
ExternalPurpose1Code from ISO 20022.
value_date
date, required
The Date at which assets become available to the account owner in case of a credit in ISO 8601: “yyyy-mm-dd” format.
booking_date
date, optional
The Date when an entry is posted to an account on the ASPSPs books in ISO 8601: “yyyy-mm-dd” format.
meta
hash, optional
Wrapper for the response metadata.
Default value:
{}
next_id
string, optional
Id of the next entity used in paginated responses.
×
Card Accounts
Card account Information Endpoints are responsible for the access to card account identification data and card account transactions history.
Get
Fetch list of card accounts belonging to a PSU and all relevant information about them.
JSON Web Token containing payload, signed using RSA256 and application.private_key.
Access-Token
string, required
The token which is created by a connector as a result of successful authentication.
Accept
string, required
Media type that is acceptable for the response.
Allowed values:
application/json
Content-Type
string, required
The media type of the body of the request.
Allowed values:
application/json
Client-Id
integer, required
TPP application identifier in Salt Edge PSD2 Compliance.
Consent-Id
integer, optional
ID of the corresponding consent object.
Psu-Device-ID
string, optional
UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.
Psu-User-Agent
string, optional
The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
Psu-Geo-Location
string, optional
The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available.
Unpacked Request Authorization
data
hash, required
Wrapper for the data.
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
Response headers
Header
Type
Description
Retry-After
integer, optional
Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response
Upon successful request, 200 status code should be returned.
data
array, required
Wrapper for the data.
Can raise:
RequestFormatInvalid
id
string, required
Card account identifier on Connector.
name
string, required
Human readable card account name.
masked_pan
string, required
Primary Account Number (PAN) of a card in a masked form.
currency
string, required
Account currency code from ISO 4217.
Can raise:
ResourceUnknown
product
string, optional
Product Name of the Bank for this account, proprietary definition.
status
string, required
Conveys current status of the operation.
Allowed values:
enabled, deleted, blocked
credit_limit
hash, optional
Wrapper of credit limit.
currency
string, optional
Account currency code from ISO 4217.
amount
string, optional
Amount of credit limit.
balances
array, required
Wrapper for balances.
balance_type
string, optional
Name values of ExternalBalanceType1code from ISO 20022.
Allowed values:
closingBooked, expected, openingBooked, interimAvailable, forwardAvailable, interimBooked, openingAvailable, previouslyClosedBooked, closingAvailable, information
balance_amount
hash, optional
Wrapper for balance amount.
currency
string, optional
Account currency code from ISO 4217.
amount
string, optional
Amount of balance.
extra
hash, optional
Any additional information relevant to a payment.
Default value:
{}
usage
string, optional
Specifications that might be provided by the ASPSP
characteristics of the account
characteristics of the relevant card
Allowed values:
PRIV, ORGA
details
string, optional
Any characteristics offered by ASPSP.
Transactions
Read transaction reports or transaction lists of a given card account addressed by account-id.
{"data":[{"id":"214","terminal_id":"example-of-terminal-id","transaction_date":"2020-02-12","booking_date":"2020-02-12","status":"booked","currency":"EUR","amount":"123","currency_exchange":[{"source_currency":"EUR","exchange_rate":"0.15","unit_currency":"0.12","target_currency":"EUR","quotation_date":"2020-02-12","contract_identification":"Example of contract identification"}],"original_amount":{"currency":"EUR","amount":"123"},"markup_fee":{"currency":"EUR","amount":"123"},"markup_fee_percentage":"0.3","card_acceptor_id":"example-of-acceptor-id","card_acceptor_address":{"street":"rue blue","building_number":"89","city":"Paris","postal_code":"75000","country":"FR"},"merchant_category_code":"example-of-merchant-category-code","masked_pan":"************3241","transaction_details":"Example of details","invoiced":true,"proprietary_bank_transaction_code":"example-code"}],"meta":{"next_id":"151"}}
{"data":[{"id":"214","terminal_id":"example-of-terminal-id","transaction_date":"2020-02-12","booking_date":"2020-02-12","status":"booked","currency":"EUR","amount":"123","currency_exchange":[{"source_currency":"EUR","exchange_rate":"0.15","unit_currency":"0.12","target_currency":"EUR","quotation_date":"2020-02-12","contract_identification":"Example of contract identification"}],"original_amount":{"currency":"EUR","amount":"123"},"markup_fee":{"currency":"EUR","amount":"123"},"markup_fee_percentage":"0.3","card_acceptor_id":"example-of-acceptor-id","card_acceptor_address":{"street":"rue blue","building_number":"89","city":"Paris","postal_code":"75000","country":"FR"},"merchant_category_code":"example-of-merchant-category-code","masked_pan":"************3241","transaction_details":"Example of details","invoiced":true,"proprietary_bank_transaction_code":"example-code"}],"meta":{"next_id":"151"}}
JSON Web Token containing payload, signed using RSA256 and application.private_key.
Access-Token
string, required
The token which is created by a connector as a result of successful authentication.
Accept
string, required
Media type that is acceptable for the response.
Allowed values:
application/json
Content-Type
string, required
The media type of the body of the request.
Allowed values:
application/json
Client-Id
integer, required
TPP application identifier in Salt Edge PSD2 Compliance.
Consent-Id
integer, optional
ID of the corresponding consent object.
Psu-Device-ID
string, optional
UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.
Psu-User-Agent
string, optional
The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
Psu-Geo-Location
string, optional
The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available.
Unpacked Request Authorization
data
hash, required
Wrapper for the data.
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
account_id
string, required
Account ID.
from_date
date, required
Specifies the starting date in ISO 8601: “yyyy-mm-dd” format, from which transactions should be fetched. This value will be set to 90 days ago by default.
Default value:
90 days ago.
to_date
date, required
Specifies the ending date in ISO 8601: “yyyy-mm-dd” format, to which transactions should be fetched. This value will always be the today’s date by default.
Default value:
Today.
from_id
string, optional
Return card's transactions starting with a specific id.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
Response headers
Header
Type
Description
Retry-After
integer, optional
Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response
Upon successful request, 200 status code should be returned.
data
array, required
Wrapper for the data.
id
string, required
Unique transaction identifier on Connector side.
terminal_id
string, optional
Identification of the Terminal, where the card has been used.
transaction_date
date, required
Date of the actual card transaction in ISO 8601: “yyyy-mm-dd” format.
booking_date
date, optional
The Date when an entry is posted to an account on the ASPSPs books in ISO 8601: “yyyy-mm-dd” format.
status
string, required
Conveys current status of the operation.
Allowed values:
booked, pending
currency
string, required
Account currency code from ISO 4217.
Can raise:
ResourceUnknown
amount
string, required
The amount of the transaction as billed to the card account. Negative amounts must be signed by minus.
currency_exchange
array, optional
Original currency exchange contracts.
Default value:
[]
source_currency
string, optional
ISO 4217 currency from which an amount is to be converted in a currency conversion.
exchange_rate
string, optional
For card accounts, only one exchange rate is used.
unit_currency
string, optional
The value of two currencies relative to each other.
target_currency
string, optional
ISO 4217 currency into which an amount is to be converted in a currency conversion.
quotation_date
date, optional
Placed date on a quotation for products or services after which the quoted price is no longer enforceable.
contract_identification
string, optional
Identification code of exchange operation.
original_amount
hash, optional
Original amount of the transaction at the Point of Interaction in original currency. Negative amounts must be signed by minus.
Default value:
{}
currency
string, optional
Account currency code from ISO 4217.
amount
string, optional
The amount of the transaction as billed to the card account. Negative amounts must be signed by minus.
markup_fee
hash, optional
Any fee related to the transaction in billing currency.
Default value:
{}
currency
string, optional
Account currency code from ISO 4217.
amount
string, optional
The amount of the transaction as billed to the card account. Negative amounts must be signed by minus.
markup_fee_percentage
string, optional
Percentage of the involved transaction fee in relation to the billing amount, e.g. "0.3" for 0,3%.
card_acceptor_id
string, optional
Identification of the Card Acceptor (e.g. merchant) as given in the related card transaction."
card_acceptor_address
hash, optional
Address of the Card Acceptor as given in the related card transaction.
Default value:
{}
street
string, optional
Street of Card Acceptor.
building_number
string, optional
Building number of Card Acceptor.
city
string, optional
City of Card Acceptor.
postal_code
string, optional
Postal code of Card Acceptor.
country
string, optional
Country code of Card Acceptor.
merchant_category_code
string, optional
Merchant Category Code of the Card Acceptor as given in the related card transaction.
masked_pan
string, optional
The masked PAN of the card used in the transaction.
transaction_details
string, required
Additional details given for the related card transactions.
invoiced
boolean, optional
Flag indicating whether the underlying card transaction is already invoiced.
Allowed values:
true, false
proprietary_bank_transaction_code
string, optional
Proprietary bank transaction code as used within a community or within an ASPSP e.g. for MT94x based transaction reports.
meta
hash, optional
Wrapper for the response metadata.
Default value:
{}
next_id
string, optional
Id of the next entity used in paginated responses.
×
Salt Edge Endpoints
Sessions
Session Callback Endpoints are responsible for assuring communication between ASPSP and TPP, where ASPSP notifies about its Redirect SCA authorisation page and if the authorisation process is successful or failed.
Success
Success callback should be sent to Salt Edge PSD2 Compliance when all required verification steps have been passed, and therefore access is granted.
JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise:
AuthorizationMissing
App-Id
string, required
Provider's app_id from connection details tab.
Can raise:
ProviderNotFound, ProviderDisabled, ConfigurationError
App-Secret
string, required
Provider's app_secret from connection details tab.
Unpacked Request Authorization
data
hash, required
Wrapper for the data.
extra
hash, optional
Extra details that should persist in the session.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
user_id
string, required
PSU identifier on Connector side. Used to map PSU resource on Salt Edge PSD2 Compliance side to Connector one.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
extra
hash, optional
Extra details that should persist in the session.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
user_id
string, required
PSU identifier on Connector side. Used to map PSU resource on Salt Edge PSD2 Compliance side to Connector one.
token
string, required
Access token that will be used to access ASPSP data. Token is an unique value which is linked to authenticated user.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
extra
hash, optional
Extra details that should persist in the session.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
user_id
string, required
PSU identifier on Connector side. Used to map PSU resource on Salt Edge PSD2 Compliance side to Connector one.
token
string, required
Access token that will be used to access ASPSP data. Token is an unique value which is linked to authenticated user.
consent
hash, optional
Wrapper of consent.
Default value:
{"allPsd2"=>"allAccounts"}
Can raise:
RequestFormatInvalid
allPsd2
string, required
Only the value "allAccounts" is admitted.
Allowed values:
allAccounts
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
extra
hash, optional
Extra details that should persist in the session.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
extra
hash, optional
Extra details that should persist in the session.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
user_id
string, required
PSU identifier on Connector side. Used to map PSU resource on Salt Edge PSD2 Compliance side to Connector one.
token
string, required
Access token that will be used to access ASPSP data. Token is an unique value which is linked to authenticated user.
consent
hash, required
Wrapper of consent.
Can raise:
RequestFormatInvalid
balances
array, required
Array of account's identifier for balances.
Default value:
[]
Can raise:
RequestFormatInvalid
iban
string, optional
International Bank Account Number
bban
string, optional
Basic Bank Account Number
msisdn
string, optional
A number uniquely identifying a subscription in a Global System for Mobile communications or a Universal Mobile Telecommunications System mobile network.
bic
string, optional
Bank Identifier Code
masked_pan
string, optional
Primary Account Number (PAN) of a card in a masked form.
bank_account_identifier
string, optional
Internal bank account identifier.
transactions
array, required
Array of account's identifier for transactions.
Default value:
[]
Can raise:
RequestFormatInvalid
iban
string, optional
International Bank Account Number
bban
string, optional
Basic Bank Account Number
msisdn
string, optional
A number uniquely identifying a subscription in a Global System for Mobile communications or a Universal Mobile Telecommunications System mobile network.
bic
string, optional
Bank Identifier Code
masked_pan
string, optional
Primary Account Number (PAN) of a card in a masked form.
bank_account_identifier
string, optional
Internal bank account identifier.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
extra
hash, optional
Extra details that should persist in the session.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
user_id
string, required
PSU identifier on Connector side. Used to map PSU resource on Salt Edge PSD2 Compliance side to Connector one.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
extra
hash, optional
Extra details that should persist in the session.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
user_id
string, required
PSU identifier on Connector side. Used to map PSU resource on Salt Edge PSD2 Compliance side to Connector one.
debtor_account
hash, optional
Wrapper for debtor data. If the debtor account was selected on ASPSP side this object must be indicated in request, containing the same debtor account identifiers as displayed to the end user in ASPSP interfaces.
iban
string, optional
International Bank Account Number
bic
string, optional
Bank Identifier Code
bban
string, optional
Basic Bank Account Number
sort_code
string, optional
Bank codes used in British and Irish banking systems.
swift_code
string, optional
Business Identifier Code.
bank_account_identifier
string, optional
Internal bank account identifier.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
Response
Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.
data
hash, optional
Wrapper for the data.
meta
hash, optional
Wrapper for the response metadata.
time
datetime, required
Time when the request was processed.
Related Errors
Class
Code
Description
SessionClosed
400
Session specified in request is already closed and cannot be modified.
ConfigurationError
400
Missing configurations in dashboard.
SessionExpired
401
Found session is expired and cannot be processed anymore.
AuthorizationMissing
401
Authorization header is missing.
SessionFinalised
403
Session specified in request is already finalised and cannot be processed.
SessionNotFound
404
Session specified in request does not exist or cannot be retrieved.
ProviderNotFound
404
Provider specified in request does not exist or cannot be retrieved.
ProviderDisabled
406
Cooperation with specified Provider is impossible.
Update
Update callback may be accessed multiple times in order to request multiple steps of authorization or to send other updates to Salt Edge PSD2 Compliance session.
JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise:
AuthorizationMissing
App-Id
string, required
Provider's app_id from connection details tab.
Can raise:
ProviderNotFound, ProviderDisabled, ConfigurationError
App-Secret
string, required
Provider's app_secret from connection details tab.
Unpacked Request Authorization
data
hash, required
Wrapper for the data.
session_expires_at
datetime, optional
Session expiry time.
Default value:
5 minutes from now
sca_status
string, optional
Status of SCA.
Allowed values:
received, psuIdentified, psuAuthenticated, scaMethodSelected, started, unconfirmed, finalised, failed, exempted
redirect_url
url, optional
The URL on which PSU should be redirected by TPP in order to perform authentication.
extra
hash, optional
Any data relevant to the transaction.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
status
string, optional
Conveys current status of the operation.
Allowed values:
accepted, received, valid, partiallyAuthorised, rejected, revokedByPsu, expired, terminatedByTpp, redirect
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
session_expires_at
datetime, optional
Session expiry time.
Default value:
5 minutes from now
sca_status
string, optional
Status of SCA.
Allowed values:
received, psuIdentified, psuAuthenticated, scaMethodSelected, started, unconfirmed, finalised, failed, exempted
redirect_url
url, optional
The URL on which PSU should be redirected by TPP in order to perform authentication.
extra
hash, optional
Any data relevant to the transaction.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
status
string, optional
Conveys current status of the operation.
Allowed values:
RCVD, RJCT, CANC, ACTC, ACTC, PATC
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
session_expires_at
datetime, optional
Session expiry time.
Default value:
5 minutes from now
sca_status
string, optional
Status of SCA.
Allowed values:
received, psuIdentified, psuAuthenticated, scaMethodSelected, started, unconfirmed, finalised, failed, exempted
redirect_url
url, optional
The URL on which PSU should be redirected by TPP in order to perform authentication.
extra
hash, optional
Any data relevant to the transaction.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
status
string, optional
Conveys current status of the operation.
Allowed values:
redirect, received, RCVD, ACTC, ACSC, ACSP, ACWC, ACCP, PDNG, PATC, ACWP, ACFC
funds_available
boolean, optional
Availability of funds within the payment initiation process. Mandatory for ASPSP after succesfull payment details validation.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
session_expires_at
datetime, optional
Session expiry time.
Default value:
5 minutes from now
sca_status
string, optional
Status of SCA.
Allowed values:
received, psuIdentified, psuAuthenticated, scaMethodSelected, started, unconfirmed, finalised, failed, exempted
redirect_url
url, optional
The URL on which PSU should be redirected by TPP in order to perform authentication.
extra
hash, optional
Any data relevant to the transaction.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
status
string, optional
Conveys current status of the operation.
Allowed values:
accepted, received, valid, partiallyAuthorised, rejected, revokedByPsu, expired, terminatedByTpp
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
Response
Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.
data
hash, optional
Wrapper for the data.
meta
hash, optional
Wrapper for the response metadata.
time
datetime, required
Time when the request was processed.
Related Errors
Class
Code
Description
SessionClosed
400
Session specified in request is already closed and cannot be modified.
ConfigurationError
400
Missing configurations in dashboard.
SessionExpired
401
Found session is expired and cannot be processed anymore.
AuthorizationMissing
401
Authorization header is missing.
SessionFinalised
403
Session specified in request is already finalised and cannot be processed.
SessionNotFound
404
Session specified in request does not exist or cannot be retrieved.
ProviderNotFound
404
Provider specified in request does not exist or cannot be retrieved.
ProviderDisabled
406
Cooperation with specified Provider is impossible.
Fail
Fail callback should be used when authorization process has been compromised for any reason: broken request, invalid credentials, etc.
JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise:
AuthorizationMissing
App-Id
string, required
Provider's app_id from connection details tab.
Can raise:
ProviderNotFound, ProviderDisabled, ConfigurationError
App-Secret
string, required
Provider's app_secret from connection details tab.
Unpacked Request Authorization
data
hash, required
Wrapper for the data.
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
error_class
string, optional
Class of failure.
Default value:
InternalProviderError
error_message
string, optional
Conveys the reason of failure in human readable text.
Default value:
Internal error
user_id
string, optional
PSU identifier on Connector side. Used to map PSU resource on Salt Edge PSD2 Compliance side to Connector one.
extra
hash, optional
Extra details that should persist in the session.
Default value:
{}
status
string, optional
Conveys current status of the operation.
Allowed values:
RJCT, CANC
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
Response
Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.
data
hash, optional
Wrapper for the data.
meta
hash, optional
Wrapper for the response metadata.
time
datetime, required
Time when the request was processed.
Related Errors
Class
Code
Description
SessionClosed
400
Session specified in request is already closed and cannot be modified.
ConfigurationError
400
Missing configurations in dashboard.
SessionExpired
401
Found session is expired and cannot be processed anymore.
AuthorizationMissing
401
Authorization header is missing.
SessionFinalised
403
Session specified in request is already finalised and cannot be processed.
SessionNotFound
404
Session specified in request does not exist or cannot be retrieved.
ProviderNotFound
404
Provider specified in request does not exist or cannot be retrieved.
ProviderDisabled
406
Cooperation with specified Provider is impossible.
×
Tokens
Token Endpoints allow Connector to perform operations like getting the list of all tokens created by a specific PSU and revoking them. This endpoints prove to be useful in case ASPSP decides to give PSU the possibility to control and revoke consents using his personal Web-Banking Dashboard.
Index
Returns the list of access tokens issued by Provider for Salt Edge PSD2 Compliance Solution.
