JSON Web Token containing payload, signed using RSA256 and application.private_key.
Accept
string, required
Media type that is acceptable for the response.
Allowed values:
application/json
Content-Type
string, required
The media type of the body of the request.
Allowed values:
application/json
Client-Id
integer, required
TPP application identifier in Salt Edge PSD2 Compliance.
Psu-Device-ID
string, optional
UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.
Psu-User-Agent
string, optional
The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
Psu-Geo-Location
string, optional
The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available.
Psu-Corporate-ID
string, optional
PSU corporate identifier (optional).
Unpacked Request Authorization
data
hash, required
Wrapper for the data.
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
provider_code
string, required
Human readable Provider identifier.
app_name
string, required
TPP application name.
psu_ip_address
string, required
Ip Address of PSU.
redirect_url
url, required
The URL on which PSU should be redirected by TPP in order to perform authentication.
payment_ids
array, optional
Array of payment ids.
bulk_ids
array, optional
Array of bulk payment ids.
periodic_ids
array, optional
Array of periodic payment ids.
basket_id
integer, required
Signing Basket identification.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
Response headers
Header
Type
Description
Retry-After
integer, optional
Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response
Upon successful request, 200 status code should be returned.
JSON Web Token containing payload, signed using RSA256 and application.private_key.
Accept
string, required
Media type that is acceptable for the response.
Allowed values:
application/json
Content-Type
string, required
The media type of the body of the request.
Allowed values:
application/json
Client-Id
integer, required
TPP application identifier in Salt Edge PSD2 Compliance.
Psu-Device-ID
string, optional
UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.
Psu-User-Agent
string, optional
The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
Psu-Geo-Location
string, optional
The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available.
Unpacked Request Authorization
data
hash, required
Wrapper for the data.
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
provider_code
string, required
Human readable Provider identifier.
app_name
string, required
TPP application name.
redirect_url
url, required
The URL on which PSU should be redirected by TPP in order to perform authentication.
basket_id
integer, required
Signing Basket identification.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
Response headers
Header
Type
Description
Retry-After
integer, optional
Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response
Upon successful request, 200 status code should be returned.
×
Salt Edge Endpoints
Sessions
Session Callback Endpoints are responsible for assuring communication between ASPSP and TPP, where ASPSP notifies about its Redirect SCA authorisation page and if the authorisation process is successful or failed.
Success
Success callback should be sent to Salt Edge PSD2 Compliance when all required verification steps have been passed, and therefore access is granted.
JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise:
AuthorizationMissing
App-Id
string, required
Provider's app_id from connection details tab.
Can raise:
ProviderNotFound, ProviderDisabled, ConfigurationError
App-Secret
string, required
Provider's app_secret from connection details tab.
Unpacked Request Authorization
data
hash, required
Wrapper for the data.
extra
hash, optional
Extra details that should persist in the session.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
user_id
string, required
PSU identifier on Connector side. Used to map PSU resource on Salt Edge PSD2 Compliance side to Connector one.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
extra
hash, optional
Extra details that should persist in the session.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
user_id
string, required
PSU identifier on Connector side. Used to map PSU resource on Salt Edge PSD2 Compliance side to Connector one.
token
string, required
Access token that will be used to access ASPSP data. Token is an unique value which is linked to authenticated user.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
extra
hash, optional
Extra details that should persist in the session.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
user_id
string, required
PSU identifier on Connector side. Used to map PSU resource on Salt Edge PSD2 Compliance side to Connector one.
token
string, required
Access token that will be used to access ASPSP data. Token is an unique value which is linked to authenticated user.
consent
hash, optional
Wrapper of consent.
Default value:
{"allPsd2"=>"allAccounts"}
Can raise:
RequestFormatInvalid
allPsd2
string, required
Only the value "allAccounts" is admitted.
Allowed values:
allAccounts
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
extra
hash, optional
Extra details that should persist in the session.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
extra
hash, optional
Extra details that should persist in the session.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
user_id
string, required
PSU identifier on Connector side. Used to map PSU resource on Salt Edge PSD2 Compliance side to Connector one.
token
string, required
Access token that will be used to access ASPSP data. Token is an unique value which is linked to authenticated user.
consent
hash, required
Wrapper of consent.
Can raise:
RequestFormatInvalid
balances
array, required
Array of account's identifier for balances.
Default value:
[]
Can raise:
RequestFormatInvalid
iban
string, optional
International Bank Account Number
bban
string, optional
Basic Bank Account Number
msisdn
string, optional
A number uniquely identifying a subscription in a Global System for Mobile communications or a Universal Mobile Telecommunications System mobile network.
bic
string, optional
Bank Identifier Code
masked_pan
string, optional
Primary Account Number (PAN) of a card in a masked form.
bank_account_identifier
string, optional
Internal bank account identifier.
transactions
array, required
Array of account's identifier for transactions.
Default value:
[]
Can raise:
RequestFormatInvalid
iban
string, optional
International Bank Account Number
bban
string, optional
Basic Bank Account Number
msisdn
string, optional
A number uniquely identifying a subscription in a Global System for Mobile communications or a Universal Mobile Telecommunications System mobile network.
bic
string, optional
Bank Identifier Code
masked_pan
string, optional
Primary Account Number (PAN) of a card in a masked form.
bank_account_identifier
string, optional
Internal bank account identifier.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
extra
hash, optional
Extra details that should persist in the session.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
user_id
string, required
PSU identifier on Connector side. Used to map PSU resource on Salt Edge PSD2 Compliance side to Connector one.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
extra
hash, optional
Extra details that should persist in the session.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
user_id
string, required
PSU identifier on Connector side. Used to map PSU resource on Salt Edge PSD2 Compliance side to Connector one.
debtor_account
hash, optional
Wrapper for debtor data. If the debtor account was selected on ASPSP side this object must be indicated in request, containing the same debtor account identifiers as displayed to the end user in ASPSP interfaces.
iban
string, optional
International Bank Account Number
bic
string, optional
Bank Identifier Code
bban
string, optional
Basic Bank Account Number
sort_code
string, optional
Bank codes used in British and Irish banking systems.
swift_code
string, optional
Business Identifier Code.
bank_account_identifier
string, optional
Internal bank account identifier.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
Response
Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.
data
hash, optional
Wrapper for the data.
meta
hash, optional
Wrapper for the response metadata.
time
datetime, required
Time when the request was processed.
Related Errors
Class
Code
Description
SessionClosed
400
Session specified in request is already closed and cannot be modified.
ConfigurationError
400
Missing configurations in dashboard.
SessionExpired
401
Found session is expired and cannot be processed anymore.
AuthorizationMissing
401
Authorization header is missing.
SessionFinalised
403
Session specified in request is already finalised and cannot be processed.
SessionNotFound
404
Session specified in request does not exist or cannot be retrieved.
ProviderNotFound
404
Provider specified in request does not exist or cannot be retrieved.
ProviderDisabled
406
Cooperation with specified Provider is impossible.
Update
Update callback may be accessed multiple times in order to request multiple steps of authorization or to send other updates to Salt Edge PSD2 Compliance session.
JSON Web Token containing payload, signed using RSA256 and application.private_key.
Can raise:
AuthorizationMissing
App-Id
string, required
Provider's app_id from connection details tab.
Can raise:
ProviderNotFound, ProviderDisabled, ConfigurationError
App-Secret
string, required
Provider's app_secret from connection details tab.
Unpacked Request Authorization
data
hash, required
Wrapper for the data.
session_expires_at
datetime, optional
Session expiry time.
Default value:
5 minutes from now
sca_status
string, optional
Status of SCA.
Allowed values:
received, psuIdentified, psuAuthenticated, scaMethodSelected, started, unconfirmed, finalised, failed, exempted
redirect_url
url, optional
The URL on which PSU should be redirected by TPP in order to perform authentication.
extra
hash, optional
Any data relevant to the transaction.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
status
string, optional
Conveys current status of the operation.
Allowed values:
accepted, received, valid, partiallyAuthorised, rejected, revokedByPsu, expired, terminatedByTpp, redirect
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
session_expires_at
datetime, optional
Session expiry time.
Default value:
5 minutes from now
sca_status
string, optional
Status of SCA.
Allowed values:
received, psuIdentified, psuAuthenticated, scaMethodSelected, started, unconfirmed, finalised, failed, exempted
redirect_url
url, optional
The URL on which PSU should be redirected by TPP in order to perform authentication.
extra
hash, optional
Any data relevant to the transaction.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
status
string, optional
Conveys current status of the operation.
Allowed values:
RCVD, RJCT, CANC, ACTC, ACTC, PATC
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
session_expires_at
datetime, optional
Session expiry time.
Default value:
5 minutes from now
sca_status
string, optional
Status of SCA.
Allowed values:
received, psuIdentified, psuAuthenticated, scaMethodSelected, started, unconfirmed, finalised, failed, exempted
redirect_url
url, optional
The URL on which PSU should be redirected by TPP in order to perform authentication.
extra
hash, optional
Any data relevant to the transaction.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
status
string, optional
Conveys current status of the operation.
Allowed values:
redirect, received, RCVD, ACTC, ACSC, ACSP, ACWC, ACCP, PDNG, PATC, ACWP, ACFC
funds_available
boolean, optional
Availability of funds within the payment initiation process. Mandatory for ASPSP after succesfull payment details validation.
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
data
hash, required
Wrapper for the data.
session_expires_at
datetime, optional
Session expiry time.
Default value:
5 minutes from now
sca_status
string, optional
Status of SCA.
Allowed values:
received, psuIdentified, psuAuthenticated, scaMethodSelected, started, unconfirmed, finalised, failed, exempted
redirect_url
url, optional
The URL on which PSU should be redirected by TPP in order to perform authentication.
extra
hash, optional
Any data relevant to the transaction.
Default value:
{}
session_secret
string, required
Session identifier in Salt Edge PSD2 Compliance.
Can raise:
SessionNotFound, SessionClosed, SessionExpired, SessionFinalised
status
string, optional
Conveys current status of the operation.
Allowed values:
accepted, received, valid, partiallyAuthorised, rejected, revokedByPsu, expired, terminatedByTpp
exp
integer, required
The lifetime of the request in timestamp UTC format.
Values greater than:
Current time.
Response
Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.
data
hash, optional
Wrapper for the data.
meta
hash, optional
Wrapper for the response metadata.
time
datetime, required
Time when the request was processed.
Related Errors
Class
Code
Description
SessionClosed
400
Session specified in request is already closed and cannot be modified.
ConfigurationError
400
Missing configurations in dashboard.
SessionExpired
401
Found session is expired and cannot be processed anymore.
AuthorizationMissing
401
Authorization header is missing.
SessionFinalised
403
Session specified in request is already finalised and cannot be processed.
SessionNotFound
404
Session specified in request does not exist or cannot be retrieved.
ProviderNotFound
404
Provider specified in request does not exist or cannot be retrieved.
ProviderDisabled
406
Cooperation with specified Provider is impossible.
Fail
Fail callback should be used when authorization process has been compromised for any reason: broken request, invalid credentials, etc.
