Authorisation statuses
The current stage of the authorisation lifecycle is represented in
field. The status of the authorisation can be one of the following:
Name | Description |
accepted | An authorisation or cancellation-authorisation resource has been created successfully on Salt Edge PSD2 Compliance's side and was sent to ASPSP. |
received | An authorisation or cancellation-authorisation resource has been created successfully on ASPSP's side. |
psuIdentified | The PSU related to the authorisation or cancellation-authorisation resource has been identified. |
psuAuthenticated | The PSU related to the authorisation or cancellation-authorisation resource has been identified and authenticated e.g. by a password or by an access token. |
scaMethodSelected | The PSU/TPP has selected the related SCA routine. If the SCA method is chosen implicitly since only one SCA method is available, then this is the first status to be reported instead of "received". |
started | The addressed SCA routine has been started. |
unconfirmed | SCA is technically successfully finalised by the PSU, but the authorisation resource needs a confirmation command by the TPP yet. |
finalised | The SCA routine has been finalised successfully (including a potential confirmation command). This is a final status of the authorisation resource. |
failed | The SCA routine failed. This is a final status of the authorisation resource. |
exempted | SCA was exempted for the related transaction, the related authorisation is successful. This is a final status of the authorisation resource. |
Consent statuses
The current stage of a consent lifecycle is represented in
field. The status of a consent can be one of the following:
Name | Description |
accepted | The consent data has been received on Salt Edge PSD2 Compliance's side. The data is not received on ASPSP's side yet. |
received | The consent data has been received on ASPSP's side and are technically correct. The data is not authorised yet. |
valid | The consent is accepted and valid for GET account data calls and others as specified in the consent object. |
partiallyAuthorised | The consent is due to a multi-level authorisation, some but not all mandated authorisations have been performed yet. |
rejected | The consent data has been rejected e.g. since no successful authorisation has taken place. |
revokedByPsu | The consent has been revoked by the PSU towards the ASPSP. |
expired | The consent has expired. |
terminatedByTpp | The corresponding TPP has terminated the consent by applying the DELETE method to the consent resource. |
This method returns the SCA status of a consent initiation's authorisation subresource.
curl -i \
-H "Content-Type: application/json" \
-H "X-Request-ID: cc5a8022-5e71-460e-82fa-ab0be1997a54" \
-H "Digest: SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" \
-H "Date: Wed, 18 Dec 2019 11:25:59 GMT" \
-H "Psu-ID: 414" \
-H "Psu-Corporate-ID: 4142" \
-H "Signature: Signature keyId="SN=0,DN=/organizationIdentifier=TppSaltTest000/CN=certSIGNSALTTEST Web CA/O=SaltTest/C=RO",algorithm="rsa-sha256",headers="digest date x-request-id",signature="Fys106OY/uMk1Tnh4MEvHsUKdJIOX9fw+am3NrqrxFOLIl1BGlcu1+UJhDBHlc3/rkRn0++5AAbkXzqUL8kqm1RVILoRzSg+tr75PUTM5RlIgCli8QtHZrpZtfzb7tEoHqa8zo1SmiopI/bQchQrjdhWu9xIC0TUuMfiD8f6TdH2QpbkXi25uXTQl8wB4qt2dAb4k76lkDM4x29JVmoZkWq28R/kVkPWGJrU7mS2viUUhgofdNzL2vaSd2g7FPrr/E03U/KYU0k047ucCbv1Z4ozdaSJljuyzj0Iq4O04Ztj6oaV8yhnr3LY8aKj1JO9tRy1gpSidxCAqDz90iE9LQ=="" \
-d '{}' \
-X GET "/:provider_code/api/berlingroup/v1/consents/:consent_id/authorisations/:authorisation_id"
Example of response
Header | Type | Description |
string, required | ID of the request, unique to the call, as determined by the initiating party. |
string, required | Contains a Hash of the message body, if the message does not contain a body, the "Digest" header must contain the hash of an empty string - "". Can raise: CertificateMissing, CertificateInvalid, SignatureInvalid, SignatureMissing |
datetime, required | Endpoint request execution date. |
string, optional | Client ID of the PSU in the ASPSP client interface. |
string, optional | Only used in a corporate context. If provided, specific corporate accounts will be returned. |
string, optional | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. |
string, optional | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
string, optional | The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available. |
string, optional | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. If not available, the TPP shall use the IP Address used by the TPP when submitting this request. |
string, required | The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: CertificateMissing, CertificateInvalid |
string, required | A signature of the request by the TPP on application level. This might be mandated by ASPSP. Can raise: CertificateMissing, CertificateInvalid, SignatureMissing, SignatureInvalid |
string, required | The media type of the body of the request. Allowed values: application/json |
Request parameters
Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.
Related Errors
Class | Code | Description |
ConsentUnknown | 401 | The Consent-ID cannot be matched by the ASPSP relative to the TPP. |
CertificateMissing | 401 | This request cannot be performed without Certificate header. |
CertificateInvalid | 401 | Given certificate is invalid. |
SignatureInvalid | 401 | Given signature is invalid. |
SignatureMissing | 401 | This request cannot be performed without Signature header. |
ResourceUnknown | 404 | The addressed resource is unknown relative to the TPP. |
Read the status of an account information consent resource.
curl -i \
-H "Content-Type: application/json" \
-H "X-Request-ID: cc5a8022-5e71-460e-82fa-ab0be1997a54" \
-H "Digest: SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" \
-H "Date: Wed, 18 Dec 2019 11:25:59 GMT" \
-H "Psu-ID: 531" \
-H "Psu-Corporate-ID: 511" \
-H "Signature: Signature keyId="SN=0,DN=/organizationIdentifier=TppSaltTest000/CN=certSIGNSALTTEST Web CA/O=SaltTest/C=RO",algorithm="rsa-sha256",headers="digest date x-request-id",signature="Fys106OY/uMk1Tnh4MEvHsUKdJIOX9fw+am3NrqrxFOLIl1BGlcu1+UJhDBHlc3/rkRn0++5AAbkXzqUL8kqm1RVILoRzSg+tr75PUTM5RlIgCli8QtHZrpZtfzb7tEoHqa8zo1SmiopI/bQchQrjdhWu9xIC0TUuMfiD8f6TdH2QpbkXi25uXTQl8wB4qt2dAb4k76lkDM4x29JVmoZkWq28R/kVkPWGJrU7mS2viUUhgofdNzL2vaSd2g7FPrr/E03U/KYU0k047ucCbv1Z4ozdaSJljuyzj0Iq4O04Ztj6oaV8yhnr3LY8aKj1JO9tRy1gpSidxCAqDz90iE9LQ=="" \
-d '{}' \
-X GET "/:provider_code/api/berlingroup/v1/consents/:consent_id/status"
Example of response
Header | Type | Description |
string, required | ID of the request, unique to the call, as determined by the initiating party. |
string, required | Contains a Hash of the message body, if the message does not contain a body, the "Digest" header must contain the hash of an empty string - "". Can raise: CertificateMissing, CertificateInvalid, SignatureInvalid, SignatureMissing |
datetime, required | Endpoint request execution date. |
string, optional | Client ID of the PSU in the ASPSP client interface. |
string, optional | Only used in a corporate context. If provided, specific corporate accounts will be returned. |
string, optional | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. |
string, optional | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
string, optional | The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available. |
string, optional | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. If not available, the TPP shall use the IP Address used by the TPP when submitting this request. |
string, required | The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: CertificateMissing, CertificateInvalid |
string, required | A signature of the request by the TPP on application level. This might be mandated by ASPSP. Can raise: CertificateMissing, CertificateInvalid, SignatureMissing, SignatureInvalid |
string, required | The media type of the body of the request. Allowed values: application/json |
Request parameters
Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.
Related Errors
Class | Code | Description |
ConsentUnknown | 401 | The Consent-ID cannot be matched by the ASPSP relative to the TPP. |
CertificateMissing | 401 | This request cannot be performed without Certificate header. |
CertificateInvalid | 401 | Given certificate is invalid. |
SignatureInvalid | 401 | Given signature is invalid. |
SignatureMissing | 401 | This request cannot be performed without Signature header. |
ResourceUnknown | 404 | The addressed resource is unknown relative to the TPP. |
Returns the content of an account information consent object. This returns the data for the TPP especially in cases, where the consent was directly managed between ASPSP and PSU e.g. in a redirect SCA Approach.
curl -i \
-H "Content-Type: application/json" \
-H "X-Request-ID: 9b45fa6c-ff61-4e73-aec8-5e805388ce7f" \
-H "Digest: SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" \
-H "Date: Wed, 18 Dec 2019 11:25:59 GMT" \
-H "Psu-ID: 421" \
-H "Psu-Corporate-ID: 653" \
-H "Signature: Signature keyId="SN=0,DN=/organizationIdentifier=TppSaltTest000/CN=certSIGNSALTTEST Web CA/O=SaltTest/C=RO",algorithm="rsa-sha256",headers="digest date x-request-id",signature="Fys106OY/uMk1Tnh4MEvHsUKdJIOX9fw+am3NrqrxFOLIl1BGlcu1+UJhDBHlc3/rkRn0++5AAbkXzqUL8kqm1RVILoRzSg+tr75PUTM5RlIgCli8QtHZrpZtfzb7tEoHqa8zo1SmiopI/bQchQrjdhWu9xIC0TUuMfiD8f6TdH2QpbkXi25uXTQl8wB4qt2dAb4k76lkDM4x29JVmoZkWq28R/kVkPWGJrU7mS2viUUhgofdNzL2vaSd2g7FPrr/E03U/KYU0k047ucCbv1Z4ozdaSJljuyzj0Iq4O04Ztj6oaV8yhnr3LY8aKj1JO9tRy1gpSidxCAqDz90iE9LQ=="" \
-d '{}' \
-X GET "/:provider_code/api/berlingroup/v1/consents/:consent_id"
Example of response
Header | Type | Description |
string, required | ID of the request, unique to the call, as determined by the initiating party. |
string, required | Contains a Hash of the message body, if the message does not contain a body, the "Digest" header must contain the hash of an empty string - "". Can raise: CertificateMissing, CertificateInvalid, SignatureInvalid, SignatureMissing |
datetime, required | Endpoint request execution date. |
string, optional | Client ID of the PSU in the ASPSP client interface. |
string, optional | Only used in a corporate context. If provided, specific corporate accounts will be returned. |
string, optional | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. |
string, optional | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
string, optional | The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available. |
string, optional | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. If not available, the TPP shall use the IP Address used by the TPP when submitting this request. |
string, required | The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: CertificateMissing, CertificateInvalid |
string, required | A signature of the request by the TPP on application level. This might be mandated by ASPSP. Can raise: CertificateMissing, CertificateInvalid, SignatureMissing, SignatureInvalid |
string, required | The media type of the body of the request. Allowed values: application/json |
Request parameters
Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.
Related Errors
Class | Code | Description |
ConsentUnknown | 401 | The Consent-ID cannot be matched by the ASPSP relative to the TPP. |
CertificateMissing | 401 | This request cannot be performed without Certificate header. |
CertificateInvalid | 401 | Given certificate is invalid. |
SignatureInvalid | 401 | Given signature is invalid. |
SignatureMissing | 401 | This request cannot be performed without Signature header. |
ResourceUnknown | 404 | The addressed resource is unknown relative to the TPP. |
This method creates a consent resource, defining access rights to dedicated accounts of a given PSU-ID. These accounts are addressed explicitly in the method as parameters as a core function.
curl -i \
-H "TPP-Redirect-URI:" \
-H "X-Request-ID: 9b45fa6c-ff61-4e73-aec8-5e805388ce7f" \
-H "Digest: SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" \
-H "Date: Wed, 18 Dec 2019 11:25:59 GMT" \
-H "Psu-ID: 535" \
-H "Psu-Corporate-ID: 4111" \
-H "Signature: Signature keyId="SN=0,DN=/organizationIdentifier=TppSaltTest000/CN=certSIGNSALTTEST Web CA/O=SaltTest/C=RO",algorithm="rsa-sha256",headers="digest date x-request-id",signature="Fys106OY/uMk1Tnh4MEvHsUKdJIOX9fw+am3NrqrxFOLIl1BGlcu1+UJhDBHlc3/rkRn0++5AAbkXzqUL8kqm1RVILoRzSg+tr75PUTM5RlIgCli8QtHZrpZtfzb7tEoHqa8zo1SmiopI/bQchQrjdhWu9xIC0TUuMfiD8f6TdH2QpbkXi25uXTQl8wB4qt2dAb4k76lkDM4x29JVmoZkWq28R/kVkPWGJrU7mS2viUUhgofdNzL2vaSd2g7FPrr/E03U/KYU0k047ucCbv1Z4ozdaSJljuyzj0Iq4O04Ztj6oaV8yhnr3LY8aKj1JO9tRy1gpSidxCAqDz90iE9LQ=="" \
-H "Content-Type: application/json" \
-H "TPP-Redirect-Preferred: false" \
-d '{
"recurringIndicator": true,
"frequencyPerDay": 2,
"validUntil": "2019-12-27",
"access": {
"balances": [],
"transactions": []
}' \
-X POST "/:provider_code/api/berlingroup/v1/consents"
Example of parameters
Example of response
Header | Type | Description |
string, required | ID of the request, unique to the call, as determined by the initiating party. |
string, required | Contains a Hash of the message body, if the message does not contain a body, the "Digest" header must contain the hash of an empty string - "". Can raise: CertificateMissing, CertificateInvalid, SignatureInvalid, SignatureMissing |
datetime, required | Endpoint request execution date. |
string, optional | Client ID of the PSU in the ASPSP client interface. |
string, optional | Only used in a corporate context. If provided, specific corporate accounts will be returned. |
string, optional | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. |
string, optional | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
string, optional | The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available. |
string, optional | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. If not available, the TPP shall use the IP Address used by the TPP when submitting this request. |
string, required | The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: CertificateMissing, CertificateInvalid |
string, required | A signature of the request by the TPP on application level. This might be mandated by ASPSP. Can raise: CertificateMissing, CertificateInvalid, SignatureMissing, SignatureInvalid |
string, required | The media type of the body of the request. Allowed values: application/json |
boolean, required | If it equals "true", the TPP prefers a redirect over an embedded SCA approach. If it equals "false", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU. Can raise: BadRequest |
string, optional | URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals "true". It is strongly recommended to add a unique identifier for validation purposes on TPP side. |
Request parameters
Upon successful request, 201 status code will be returned.
Related Errors
Class | Code | Description |
RequestFormatInvalid | 400 | Request format is wrong. Details are stored in error_message |
BadRequest | 400 | Given value is invalid. |
CertificateMissing | 401 | This request cannot be performed without Certificate header. |
CertificateInvalid | 401 | Given certificate is invalid. |
SignatureInvalid | 401 | Given signature is invalid. |
SignatureMissing | 401 | This request cannot be performed without Signature header. |
This method deletes a consent.
curl -i \
-H "Content-Type: application/json" \
-H "X-Request-ID: cc5a8022-5e71-460e-82fa-ab0be1997a54" \
-H "Digest: SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" \
-H "Date: Wed, 18 Dec 2019 11:25:59 GMT" \
-H "Psu-ID: 531" \
-H "Psu-Corporate-ID: 511" \
-H "Signature: Signature keyId="SN=0,DN=/organizationIdentifier=TppSaltTest000/CN=certSIGNSALTTEST Web CA/O=SaltTest/C=RO",algorithm="rsa-sha256",headers="digest date x-request-id",signature="Fys106OY/uMk1Tnh4MEvHsUKdJIOX9fw+am3NrqrxFOLIl1BGlcu1+UJhDBHlc3/rkRn0++5AAbkXzqUL8kqm1RVILoRzSg+tr75PUTM5RlIgCli8QtHZrpZtfzb7tEoHqa8zo1SmiopI/bQchQrjdhWu9xIC0TUuMfiD8f6TdH2QpbkXi25uXTQl8wB4qt2dAb4k76lkDM4x29JVmoZkWq28R/kVkPWGJrU7mS2viUUhgofdNzL2vaSd2g7FPrr/E03U/KYU0k047ucCbv1Z4ozdaSJljuyzj0Iq4O04Ztj6oaV8yhnr3LY8aKj1JO9tRy1gpSidxCAqDz90iE9LQ=="" \
-d '{}' \
-X DELETE "/:provider_code/api/berlingroup/v1/consents/:consent_id"
Example of response
Header | Type | Description |
string, required | ID of the request, unique to the call, as determined by the initiating party. |
string, required | Contains a Hash of the message body, if the message does not contain a body, the "Digest" header must contain the hash of an empty string - "". Can raise: CertificateMissing, CertificateInvalid, SignatureInvalid, SignatureMissing |
datetime, required | Endpoint request execution date. |
string, optional | Client ID of the PSU in the ASPSP client interface. |
string, optional | Only used in a corporate context. If provided, specific corporate accounts will be returned. |
string, optional | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. |
string, optional | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
string, optional | The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available. |
string, optional | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. If not available, the TPP shall use the IP Address used by the TPP when submitting this request. |
string, required | The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: CertificateMissing, CertificateInvalid |
string, required | A signature of the request by the TPP on application level. This might be mandated by ASPSP. Can raise: CertificateMissing, CertificateInvalid, SignatureMissing, SignatureInvalid |
string, required | The media type of the body of the request. Allowed values: application/json |
Request parameters
Upon successful request, 204 status code will be returned.
Related Errors
Class | Code | Description |
ConsentUnknown | 401 | The Consent-ID cannot be matched by the ASPSP relative to the TPP. |
ConsentExpired | 401 | The consent was created by this TPP but has expired and needs to be renewed. |
ConsentInvalid | 401 | The consent was created by this TPP but is not valid for the addressed service/resource. |
CertificateMissing | 401 | This request cannot be performed without Certificate header. |
CertificateInvalid | 401 | Given certificate is invalid. |
SignatureInvalid | 401 | Given signature is invalid. |
SignatureMissing | 401 | This request cannot be performed without Signature header. |
AccessDenied | 403 | Action you want to perform is not allowed. More in error_message |
Account statuses
The current stage of a account lifecycle is represented in
field. The status of a account can be one of the following:
Name | Description |
enabled | Account is available. |
deleted | Account is terminated. |
blocked | Account is blocked e.g. for legal reasons. |
Read transaction reports or transaction lists of a given account addressed by account_id
, depending on the steering parameter bookingStatus
together with balances.
curl -i \
-H "Consent-Id: 42" \
-H "X-Request-ID: 9b45fa6c-ff61-4e73-aec8-5e805388ce7f" \
-H "Digest: SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" \
-H "Date: Wed, 18 Dec 2019 11:25:59 GMT" \
-H "Psu-ID: 53" \
-H "Psu-Corporate-ID: 432" \
-H "Signature: Signature keyId="SN=0,DN=/organizationIdentifier=TppSaltTest000/CN=certSIGNSALTTEST Web CA/O=SaltTest/C=RO",algorithm="rsa-sha256",headers="digest date x-request-id",signature="Fys106OY/uMk1Tnh4MEvHsUKdJIOX9fw+am3NrqrxFOLIl1BGlcu1+UJhDBHlc3/rkRn0++5AAbkXzqUL8kqm1RVILoRzSg+tr75PUTM5RlIgCli8QtHZrpZtfzb7tEoHqa8zo1SmiopI/bQchQrjdhWu9xIC0TUuMfiD8f6TdH2QpbkXi25uXTQl8wB4qt2dAb4k76lkDM4x29JVmoZkWq28R/kVkPWGJrU7mS2viUUhgofdNzL2vaSd2g7FPrr/E03U/KYU0k047ucCbv1Z4ozdaSJljuyzj0Iq4O04Ztj6oaV8yhnr3LY8aKj1JO9tRy1gpSidxCAqDz90iE9LQ=="" \
-H "Content-Type: application/json" \
-d '{
"dateFrom": "2018-09-11",
"dateTo": "2019-09-11",
"bookingStatus": "both"
}' \
-X GET "/:provider_code/api/berlingroup/v1/accounts/:account_id/transactions"
Example of parameters
Example of response
Header | Type | Description |
string, required | ID of the request, unique to the call, as determined by the initiating party. |
string, required | Contains a Hash of the message body, if the message does not contain a body, the "Digest" header must contain the hash of an empty string - "". Can raise: CertificateMissing, CertificateInvalid, SignatureInvalid, SignatureMissing |
datetime, required | Endpoint request execution date. |
string, optional | Client ID of the PSU in the ASPSP client interface. |
string, optional | Only used in a corporate context. If provided, specific corporate accounts will be returned. |
string, optional | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. |
string, optional | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
string, optional | The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available. |
string, optional | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. If not available, the TPP shall use the IP Address used by the TPP when submitting this request. |
string, required | The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: CertificateMissing, CertificateInvalid |
string, required | A signature of the request by the TPP on application level. This might be mandated by ASPSP. Can raise: CertificateMissing, CertificateInvalid, SignatureMissing, SignatureInvalid |
string, required | The media type of the body of the request. Allowed values: application/json |
string, required | ID of the corresponding consent object as returned by an Account Information Consent Request. Can raise: ConsentUnknown, ConsentExpired, ConsentInvalid, AccessDenied |
Request parameters
Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.
Related Errors
Class | Code | Description |
FormatError | 400 | Invalid input. More info in error_message |
CertificateMissing | 401 | This request cannot be performed without Certificate header. |
CertificateInvalid | 401 | Given certificate is invalid. |
SignatureInvalid | 401 | Given signature is invalid. |
SignatureMissing | 401 | This request cannot be performed without Signature header. |
ConsentUnknown | 401 | The Consent-ID cannot be matched by the ASPSP relative to the TPP. |
ConsentExpired | 401 | The consent was created by this TPP but has expired and needs to be renewed. |
ConsentInvalid | 401 | The consent was created by this TPP but is not valid for the addressed service/resource. |
AccessDenied | 403 | Action you want to perform is not allowed. More in error_message |
ResourceUnknown | 404 | The addressed resource is unknown relative to the TPP. |
Reads details about an account, with balances where required. It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system. The addressed details of this account depends on the stored consent addressed by consentId.
curl -i \
-H "Consent-Id: 34" \
-H "X-Request-ID: 9b45fa6c-ff61-4e73-aec8-5e805388ce7f" \
-H "Digest: SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" \
-H "Date: Wed, 18 Dec 2019 11:25:59 GMT" \
-H "Psu-ID: 41" \
-H "Psu-Corporate-ID: 412" \
-H "Signature: Signature keyId="SN=0,DN=/organizationIdentifier=TppSaltTest000/CN=certSIGNSALTTEST Web CA/O=SaltTest/C=RO",algorithm="rsa-sha256",headers="digest date x-request-id",signature="Fys106OY/uMk1Tnh4MEvHsUKdJIOX9fw+am3NrqrxFOLIl1BGlcu1+UJhDBHlc3/rkRn0++5AAbkXzqUL8kqm1RVILoRzSg+tr75PUTM5RlIgCli8QtHZrpZtfzb7tEoHqa8zo1SmiopI/bQchQrjdhWu9xIC0TUuMfiD8f6TdH2QpbkXi25uXTQl8wB4qt2dAb4k76lkDM4x29JVmoZkWq28R/kVkPWGJrU7mS2viUUhgofdNzL2vaSd2g7FPrr/E03U/KYU0k047ucCbv1Z4ozdaSJljuyzj0Iq4O04Ztj6oaV8yhnr3LY8aKj1JO9tRy1gpSidxCAqDz90iE9LQ=="" \
-H "Content-Type: application/json" \
-d '{}' \
-X GET "/:provider_code/api/berlingroup/v1/accounts/:account_id"
Example of response
Header | Type | Description |
string, required | ID of the request, unique to the call, as determined by the initiating party. |
string, required | Contains a Hash of the message body, if the message does not contain a body, the "Digest" header must contain the hash of an empty string - "". Can raise: CertificateMissing, CertificateInvalid, SignatureInvalid, SignatureMissing |
datetime, required | Endpoint request execution date. |
string, optional | Client ID of the PSU in the ASPSP client interface. |
string, optional | Only used in a corporate context. If provided, specific corporate accounts will be returned. |
string, optional | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. |
string, optional | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
string, optional | The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available. |
string, optional | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. If not available, the TPP shall use the IP Address used by the TPP when submitting this request. |
string, required | The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: CertificateMissing, CertificateInvalid |
string, required | A signature of the request by the TPP on application level. This might be mandated by ASPSP. Can raise: CertificateMissing, CertificateInvalid, SignatureMissing, SignatureInvalid |
string, required | The media type of the body of the request. Allowed values: application/json |
string, required | ID of the corresponding consent object as returned by an Account Information Consent Request. Can raise: ConsentUnknown, ConsentExpired, ConsentInvalid, AccessDenied |
Request parameters
Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.
Related Errors
Class | Code | Description |
CertificateMissing | 401 | This request cannot be performed without Certificate header. |
CertificateInvalid | 401 | Given certificate is invalid. |
SignatureInvalid | 401 | Given signature is invalid. |
SignatureMissing | 401 | This request cannot be performed without Signature header. |
ConsentUnknown | 401 | The Consent-ID cannot be matched by the ASPSP relative to the TPP. |
ConsentExpired | 401 | The consent was created by this TPP but has expired and needs to be renewed. |
ConsentInvalid | 401 | The consent was created by this TPP but is not valid for the addressed service/resource. |
AccessDenied | 403 | Action you want to perform is not allowed. More in error_message |
ResourceUnknown | 404 | The addressed resource is unknown relative to the TPP. |
Read the identifiers of the available payment account together with booking balance information, depending on the consent granted.
It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system. The addressed list of accounts depends on the PSU ID and the stored consent addressed by consentId.
Returns all identifiers of the accounts, to which an account access has been granted to through the /consents endpoint by the PSU. In addition, relevant information about the accounts and hyperlinks to corresponding account information resources are provided if a related consent has been already granted.
Remark: Note that the /consents
endpoint optionally offers to grant an access on all available payment accounts of a PSU. In this case, this endpoint will deliver the information about all available payment accounts of the PSU at this ASPSP.
curl -i \
-H "Consent-Id: 32" \
-H "X-Request-ID: cc5a8022-5e71-460e-82fa-ab0be1997a54" \
-H "Digest: SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" \
-H "Date: Wed, 18 Dec 2019 11:25:59 GMT" \
-H "Psu-ID: 541" \
-H "Psu-Corporate-ID: 4124" \
-H "Signature: Signature keyId="SN=0,DN=/organizationIdentifier=TppSaltTest000/CN=certSIGNSALTTEST Web CA/O=SaltTest/C=RO",algorithm="rsa-sha256",headers="digest date x-request-id",signature="Fys106OY/uMk1Tnh4MEvHsUKdJIOX9fw+am3NrqrxFOLIl1BGlcu1+UJhDBHlc3/rkRn0++5AAbkXzqUL8kqm1RVILoRzSg+tr75PUTM5RlIgCli8QtHZrpZtfzb7tEoHqa8zo1SmiopI/bQchQrjdhWu9xIC0TUuMfiD8f6TdH2QpbkXi25uXTQl8wB4qt2dAb4k76lkDM4x29JVmoZkWq28R/kVkPWGJrU7mS2viUUhgofdNzL2vaSd2g7FPrr/E03U/KYU0k047ucCbv1Z4ozdaSJljuyzj0Iq4O04Ztj6oaV8yhnr3LY8aKj1JO9tRy1gpSidxCAqDz90iE9LQ=="" \
-H "Content-Type: application/json" \
-d '{
"withBalance": true
}' \
-X GET "/:provider_code/api/berlingroup/v1/accounts"
Example of parameters
Example of response
Header | Type | Description |
string, required | ID of the request, unique to the call, as determined by the initiating party. |
string, required | Contains a Hash of the message body, if the message does not contain a body, the "Digest" header must contain the hash of an empty string - "". Can raise: CertificateMissing, CertificateInvalid, SignatureInvalid, SignatureMissing |
datetime, required | Endpoint request execution date. |
string, optional | Client ID of the PSU in the ASPSP client interface. |
string, optional | Only used in a corporate context. If provided, specific corporate accounts will be returned. |
string, optional | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. |
string, optional | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
string, optional | The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available. |
string, optional | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. If not available, the TPP shall use the IP Address used by the TPP when submitting this request. |
string, required | The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: CertificateMissing, CertificateInvalid |
string, required | A signature of the request by the TPP on application level. This might be mandated by ASPSP. Can raise: CertificateMissing, CertificateInvalid, SignatureMissing, SignatureInvalid |
string, required | The media type of the body of the request. Allowed values: application/json |
string, required | ID of the corresponding consent object as returned by an Account Information Consent Request. Can raise: ConsentUnknown, ConsentExpired, ConsentInvalid, AccessDenied |
Request parameters
Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.
Related Errors
Class | Code | Description |
CertificateMissing | 401 | This request cannot be performed without Certificate header. |
CertificateInvalid | 401 | Given certificate is invalid. |
SignatureInvalid | 401 | Given signature is invalid. |
SignatureMissing | 401 | This request cannot be performed without Signature header. |
ConsentUnknown | 401 | The Consent-ID cannot be matched by the ASPSP relative to the TPP. |
ConsentExpired | 401 | The consent was created by this TPP but has expired and needs to be renewed. |
ConsentInvalid | 401 | The consent was created by this TPP but is not valid for the addressed service/resource. |
AccessDenied | 403 | Action you want to perform is not allowed. More in error_message |
Reads account data from a given account addressed by account_id
curl -i \
-H "Consent-Id: 42" \
-H "X-Request-ID: 9b45fa6c-ff61-4e73-aec8-5e805388ce7f" \
-H "Digest: SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" \
-H "Date: Wed, 18 Dec 2019 11:25:59 GMT" \
-H "Psu-ID: 53" \
-H "Psu-Corporate-ID: 432" \
-H "Signature: Signature keyId="SN=0,DN=/organizationIdentifier=TppSaltTest000/CN=certSIGNSALTTEST Web CA/O=SaltTest/C=RO",algorithm="rsa-sha256",headers="digest date x-request-id",signature="Fys106OY/uMk1Tnh4MEvHsUKdJIOX9fw+am3NrqrxFOLIl1BGlcu1+UJhDBHlc3/rkRn0++5AAbkXzqUL8kqm1RVILoRzSg+tr75PUTM5RlIgCli8QtHZrpZtfzb7tEoHqa8zo1SmiopI/bQchQrjdhWu9xIC0TUuMfiD8f6TdH2QpbkXi25uXTQl8wB4qt2dAb4k76lkDM4x29JVmoZkWq28R/kVkPWGJrU7mS2viUUhgofdNzL2vaSd2g7FPrr/E03U/KYU0k047ucCbv1Z4ozdaSJljuyzj0Iq4O04Ztj6oaV8yhnr3LY8aKj1JO9tRy1gpSidxCAqDz90iE9LQ=="" \
-H "Content-Type: application/json" \
-d '{}' \
-X GET "/:provider_code/api/berlingroup/v1/accounts/:account_id/balances"
Example of response
Header | Type | Description |
string, required | ID of the request, unique to the call, as determined by the initiating party. |
string, required | Contains a Hash of the message body, if the message does not contain a body, the "Digest" header must contain the hash of an empty string - "". Can raise: CertificateMissing, CertificateInvalid, SignatureInvalid, SignatureMissing |
datetime, required | Endpoint request execution date. |
string, optional | Client ID of the PSU in the ASPSP client interface. |
string, optional | Only used in a corporate context. If provided, specific corporate accounts will be returned. |
string, optional | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. |
string, optional | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
string, optional | The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available. |
string, optional | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. If not available, the TPP shall use the IP Address used by the TPP when submitting this request. |
string, required | The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: CertificateMissing, CertificateInvalid |
string, required | A signature of the request by the TPP on application level. This might be mandated by ASPSP. Can raise: CertificateMissing, CertificateInvalid, SignatureMissing, SignatureInvalid |
string, required | The media type of the body of the request. Allowed values: application/json |
string, required | ID of the corresponding consent object as returned by an Account Information Consent Request. Can raise: ConsentUnknown, ConsentExpired, ConsentInvalid, AccessDenied |
Request parameters
Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.
Related Errors
Class | Code | Description |
CertificateMissing | 401 | This request cannot be performed without Certificate header. |
CertificateInvalid | 401 | Given certificate is invalid. |
SignatureInvalid | 401 | Given signature is invalid. |
SignatureMissing | 401 | This request cannot be performed without Signature header. |
ConsentUnknown | 401 | The Consent-ID cannot be matched by the ASPSP relative to the TPP. |
ConsentExpired | 401 | The consent was created by this TPP but has expired and needs to be renewed. |
ConsentInvalid | 401 | The consent was created by this TPP but is not valid for the addressed service/resource. |
AccessDenied | 403 | Action you want to perform is not allowed. More in error_message |
ResourceUnknown | 404 | The addressed resource is unknown relative to the TPP. |
Refresh Data
Refresh statuses
The current stage of an Account Refresh process lifecycle is represented in
field. The status of an Account Refresh process can be one of the following:
Name | Description |
notInitiated | The Account Refresh process is not initiated yet. |
processing | The Account Refresh process is in progress. |
fetching | The Account data fetching is in progress. |
fetchingFinished | The Account Refresh process is successfully finished. |
fetchingFailed | The Account Refresh process failed. |
partiallyFailed | The Account Refresh process is finished, but not all data was sent from the ASPSP to Salt Edge PSD2 Compliance. |
This endpoint is responsible for starting the process of refreshing account information data on Salt Edge PSD2 Compliance Solution side. Due to asynchronous nature of this action, TPP has to poll the status of this process using Accounts RefreshStatus
curl -i \
-H "Consent-Id: 34" \
-H "X-Request-ID: 9b45fa6c-ff61-4e73-aec8-5e805388ce7f" \
-H "Digest: SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" \
-H "Date: Wed, 18 Dec 2019 11:25:59 GMT" \
-H "Psu-ID: 41" \
-H "Psu-Corporate-ID: 412" \
-H "Signature: Signature keyId="SN=0,DN=/organizationIdentifier=TppSaltTest000/CN=certSIGNSALTTEST Web CA/O=SaltTest/C=RO",algorithm="rsa-sha256",headers="digest date x-request-id",signature="Fys106OY/uMk1Tnh4MEvHsUKdJIOX9fw+am3NrqrxFOLIl1BGlcu1+UJhDBHlc3/rkRn0++5AAbkXzqUL8kqm1RVILoRzSg+tr75PUTM5RlIgCli8QtHZrpZtfzb7tEoHqa8zo1SmiopI/bQchQrjdhWu9xIC0TUuMfiD8f6TdH2QpbkXi25uXTQl8wB4qt2dAb4k76lkDM4x29JVmoZkWq28R/kVkPWGJrU7mS2viUUhgofdNzL2vaSd2g7FPrr/E03U/KYU0k047ucCbv1Z4ozdaSJljuyzj0Iq4O04Ztj6oaV8yhnr3LY8aKj1JO9tRy1gpSidxCAqDz90iE9LQ=="" \
-H "Content-Type: application/json" \
-d '{
"initiatedByCustomer": false
}' \
-X POST "/:provider_code/api/berlingroup/v1/accounts/refresh"
Example of parameters
Example of response
Header | Type | Description |
string, required | ID of the request, unique to the call, as determined by the initiating party. |
string, required | Contains a Hash of the message body, if the message does not contain a body, the "Digest" header must contain the hash of an empty string - "". Can raise: CertificateMissing, CertificateInvalid, SignatureInvalid, SignatureMissing |
datetime, required | Endpoint request execution date. |
string, optional | Client ID of the PSU in the ASPSP client interface. |
string, optional | Only used in a corporate context. If provided, specific corporate accounts will be returned. |
string, optional | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. |
string, optional | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
string, optional | The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available. |
string, optional | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. If not available, the TPP shall use the IP Address used by the TPP when submitting this request. |
string, required | The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: CertificateMissing, CertificateInvalid |
string, required | A signature of the request by the TPP on application level. This might be mandated by ASPSP. Can raise: CertificateMissing, CertificateInvalid, SignatureMissing, SignatureInvalid |
string, required | The media type of the body of the request. Allowed values: application/json |
string, required | ID of the corresponding consent object as returned by an Account Information Consent Request. Can raise: ConsentUnknown, ConsentExpired, ConsentInvalid, AccessDenied |
Request parameters
Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.
Related Errors
Class | Code | Description |
CertificateMissing | 401 | This request cannot be performed without Certificate header. |
CertificateInvalid | 401 | Given certificate is invalid. |
SignatureInvalid | 401 | Given signature is invalid. |
SignatureMissing | 401 | This request cannot be performed without Signature header. |
ConsentUnknown | 401 | The Consent-ID cannot be matched by the ASPSP relative to the TPP. |
ConsentExpired | 401 | The consent was created by this TPP but has expired and needs to be renewed. |
ConsentInvalid | 401 | The consent was created by this TPP but is not valid for the addressed service/resource. |
AccessDenied | 403 | Action you want to perform is not allowed. More in error_message |
ActionNotAllowed | 406 | You're not allowed to perform this action. This might be a rate limit, configuration problem or parameters incompatibility. |
AccessExceeded | 429 | Exceeded the number of requests for this action. |
AccessExceeded | 429 | Exceeded the number of requests for this action. |
Refresh Status
This endpoint is responsible for returning the current status of fetching account information process.
curl -i \
-H "Consent-Id: 34" \
-H "X-Request-ID: 9b45fa6c-ff61-4e73-aec8-5e805388ce7f" \
-H "Digest: SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" \
-H "Date: Wed, 18 Dec 2019 11:25:59 GMT" \
-H "Psu-ID: 41" \
-H "Psu-Corporate-ID: 412" \
-H "Signature: Signature keyId="SN=0,DN=/organizationIdentifier=TppSaltTest000/CN=certSIGNSALTTEST Web CA/O=SaltTest/C=RO",algorithm="rsa-sha256",headers="digest date x-request-id",signature="Fys106OY/uMk1Tnh4MEvHsUKdJIOX9fw+am3NrqrxFOLIl1BGlcu1+UJhDBHlc3/rkRn0++5AAbkXzqUL8kqm1RVILoRzSg+tr75PUTM5RlIgCli8QtHZrpZtfzb7tEoHqa8zo1SmiopI/bQchQrjdhWu9xIC0TUuMfiD8f6TdH2QpbkXi25uXTQl8wB4qt2dAb4k76lkDM4x29JVmoZkWq28R/kVkPWGJrU7mS2viUUhgofdNzL2vaSd2g7FPrr/E03U/KYU0k047ucCbv1Z4ozdaSJljuyzj0Iq4O04Ztj6oaV8yhnr3LY8aKj1JO9tRy1gpSidxCAqDz90iE9LQ=="" \
-H "Content-Type: application/json" \
-d '{}' \
-X GET "/:provider_code/api/berlingroup/v1/accounts/refresh/status"
Example of response
Header | Type | Description |
string, required | ID of the request, unique to the call, as determined by the initiating party. |
string, required | Contains a Hash of the message body, if the message does not contain a body, the "Digest" header must contain the hash of an empty string - "". Can raise: CertificateMissing, CertificateInvalid, SignatureInvalid, SignatureMissing |
datetime, required | Endpoint request execution date. |
string, optional | Client ID of the PSU in the ASPSP client interface. |
string, optional | Only used in a corporate context. If provided, specific corporate accounts will be returned. |
string, optional | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. |
string, optional | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
string, optional | The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available. |
string, optional | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. If not available, the TPP shall use the IP Address used by the TPP when submitting this request. |
string, required | The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: CertificateMissing, CertificateInvalid |
string, required | A signature of the request by the TPP on application level. This might be mandated by ASPSP. Can raise: CertificateMissing, CertificateInvalid, SignatureMissing, SignatureInvalid |
string, required | The media type of the body of the request. Allowed values: application/json |
string, required | ID of the corresponding consent object as returned by an Account Information Consent Request. Can raise: ConsentUnknown, ConsentExpired, ConsentInvalid, AccessDenied |
Request parameters
Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.
Related Errors
Class | Code | Description |
CertificateMissing | 401 | This request cannot be performed without Certificate header. |
CertificateInvalid | 401 | Given certificate is invalid. |
SignatureInvalid | 401 | Given signature is invalid. |
SignatureMissing | 401 | This request cannot be performed without Signature header. |
ConsentUnknown | 401 | The Consent-ID cannot be matched by the ASPSP relative to the TPP. |
ConsentExpired | 401 | The consent was created by this TPP but has expired and needs to be renewed. |
ConsentInvalid | 401 | The consent was created by this TPP but is not valid for the addressed service/resource. |
AccessDenied | 403 | Action you want to perform is not allowed. More in error_message |