PSD2 Regulation

Article 31 (PSD2 RTS) – Outlines the access interface options, thus ASPSPs can provide access:

  1. via a dedicated interface (generally understood to refer to an API-based solution)
  2. by allowing the use by TPPs, the interfaces used for authentication and communication with the ASPSP’s payment service users

Article 33 (PSD2 RTS) – Outlines the requirements of contingency interface.


MCI Description

Modified Customer Interface (MCI) enables TPPs to access the designated payment accounts of PSUs for inscope banking entities under PSD2.

TPP is able to retrieve all content of ASPSP’s mobile application when they login using customer credentials. This solution is based on existing mobile application design.


Access to MCI Environment

The MCI interface allows TPPs to access Zumo’s mobile-banking environment.

In order to access the MCI environment the TPP has to add the following host: https://mci-zumo.saltedge.com in front of each found path while addressing the mobile-banking API. To navigate through MCI the TPP has to send signed REST requests to the corresponding path and parse the response for further activities.

In order to use the MCI solution, TPP will be required to be compliant with the following:

  • TPPs must be appropriately authorized or regulated by the UK Financial Conduct Authority (FCA)
  • TPPs must present their OBIE certificates in all requests initiated towards the MCI environment

Authentication

This request initiates the authentication process of PSU. Successful response will contain mciAuthId which can be used to map the later callback with a user access token.

Request

POST https://mci-zumo.saltedge.com/open-banking/mci/auth/request

CURL

curl -i  \ 
 -H "TPP-Signature-Certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVBakNDQXVvQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd1d6RVhNQlVHQTFVRVlRd09WSEJ3VTJGc2RGUmwKYzNRd01EQXhJREFlQmdOVkJBTU1GMk5sY25SVFNVZE9VMEZNVkZSRlUxUWdWMlZpSUVOQk1SRXdEd1lEVlFRSwpEQWhUWVd4MFZHVnpkREVMTUFrR0ExVUVCaE1DVWs4d0hoY05NVGt4TWpFNE1URXlOVFU1V2hjTk1qRXhNakUzCk1URXlOVFU1V2pDQmpURVdNQlFHQTFVRUF3d05jMkZzZEMxMFpYTjBMbU52YlRFUk1BOEdBMVVFQ2d3SVUyRnMKZEZSbGMzUXhDekFKQmdOVkJBWVRBbEpQTVJJd0VBWURWUVFJREFsQ2RXTjFjbVZ6ZEdreEVqQVFCZ05WQkFjTQpDVUoxWTNWeVpYTjBhVEVXTUJRR0ExVUVDUXdOUVd4aVlTQkpkV3hwWVNBM05URVRNQkVHQTFVRVlRd0thV1JsCmJuUnBabWxsY2pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS2dXNEo5K0hGY0wKUVVwTEk0c1pCSm5RaGdRYUpYRGxwVDI4NWxlOGVEcTdUalpnYXpLcU05RkJydzRBRURxUmxYR3Znd2luSkY2Mgowd3VJcSs3cGpPWFBQdytZOVhRQnBTa2p1cmJ5aEpPZjhiNlVqTFBMQnVBd09rRk52N0prbHdLeXFmazRHRzROCmdrOGRVYTFjS05MY1gzNzdwdno0Q0hZalBraGlLY0xqQVJ4TFRJYkdtejlZQVQvQWszbDdCRkRkV2owQnJrR2oKV2RGelJWV3FjdHA0NjVvWEZXZTZ3QmlybEplK1JEZ2hnQWRUQWlQR1J3WHV4dmRiSW5SOHZ2b0RJNTJHRXVzaApGWUNZd28zdWFVSVR5Z3hOZEJyWjVOaVpLaCtybjVVNW4zM0pETm9OV2hCVUUwMUwvaFYzUHlleHBKVHltaURQCjZTUFJKM0ZMR3RrQ0F3RUFBYU9Cb2pDQm56QU1CZ05WSFJNRUJUQURBUUgvTUE0R0ExVWREd0VCL3dRRUF3SUIKQmpBZEJnTlZIUTRFRmdRVUtwUGZ5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dId1lEVlIwakJCZ3dGb0FVS3BQZgp5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dQd1lJS3dZQkJRVUhBUU1FTXd3eGRHVnpkRkJUVUY5QlNTNHVMbUZsCk9EVTBNalE1TFdaaVpEQXROREV4WmkxaU0ySXdMV0poWkRFNE5Ea3hNelptWmpBTkJna3Foa2lHOXcwQkFRc0YKQUFPQ0FRRUFacHEvdmF5T3ZSS3dKd1dPQnpTMzhoUHA4TjVnRTlqd2J6dkxCTUhvZERXZk11ZTA5SzFweUI3KwpQdU1rZjNOT0tVSERMWDhob0xiZ0dWVlY0S1lqRndGa203cWY0OTZNTWE0VnZBRWNPeUJkM0pGVWcyeGIxVlN4Cjk0OWVCaVdGcGtaSVNZZUNxNXJ4UWFNeHJJVm9OZjhaSjVOT2V3aU1DM0ZYM3duVGw2VG9yUW1lQUU5MnhuMEQKdnZ6ZUJ4YlFqdTdjQlh3SDFPaGdUamx0YTM1WE1ESjhXbGo4TWZRR0YvZThIZFIrS014WWU5SWNROHN1UjdBVQpGRGkyaUJsMlVQc3dCa0FqMHJRVlY2U2psNWdVSm95K0FJaGZBYXE2cUxSQnJ1NGJTbE44TnVpY2RTRkZ3eHZ1ClEwOVl1U3U3djQ2a1R3ZUxpNnZJZGQxaUxUc05Ndz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" \ 
 -H "TPP-Signature: eyJhbGciOiJSUzI1NiJ9.eyJrZXkiOiJ2YWx1ZSJ9.kcilNLO1WBTzgzD0Kjy499OzexTy_I0MBhs5W0sl1OdKNVY-9EnPIIi5pK4hF2ASWpERdW1uDk5v4QUbcvcZPVMzZklmyYOho-r9MTki-gnT6NJSp5dkgRATp9JjnlayJew3qCcx3rBAzA_c_qpJtKus1zh9YGOdi5ohMBKh76D0sD-qdJtvLOdfhdEWpXevj18x0i8nkxhulBR2QYjEv6bj8YnHhCJ-3IfsPtrB2Ltj_39Z0JQfeYsKLd9cJOwUfwIOsnUXugZL7JEL-n-phKTWCQFp0Otg_V56AprC5_-7rtFRymayupSnsRgAkxXpu0Q6mxIGZEp2ISjRrOcViQ" \ 
 -H "Content-Type: application/json" \ 
 -d '{
  "userEmail": "tester+api+01@localhost",
  "tppId": "63",
  "tppTitle": "Company name",
  "tppWebhookUrl": "https://some-wh-url/some-path"
}' \ 
-X POST "https://mci-zumo.saltedge.com/open-banking/mci/auth/request"

Example response:

{"mciAuthId":"4f168760-20e6-4d6b-9ab5-ee9e34054fd5"}
Headers
Header Type Description
TPP-Signature-Certificate string, required The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: TppCertificateInvalid
TPP-Signature string, required JSON Web Signature containing payload, signed using RS256 and application.private_key. Can raise: MciSignatureInvalid
Content-Type string, required The media type of the body of the request. Accepted values: application/json
TPP-Signature Payload
method
string, required
HTTP method. Allowed values: POST
url
string, required
The full called URL. Example: https://mci-zumo.saltedge.com/open-banking/mci/auth/request
body
string, required
Raw POST data. In case it is not a POST request, the value will be “”.
Parameters
userEmail
string, required
Email of the PSU.
tppId
string, required
TPP application identifier in Salt Edge PSD2 Compliance received upon registration request client_id
tppTitle
string, required
Name of the TPP company.
tppWebhookUrl
string, required
Callback endpoint on TPP side to which Zumo will send the accessToken once the user approves the data sharing request through Zumo App.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors‘ table for other possibilities.


mciAuthId
string, required
A session id used to map the later callback with a user access token.
Related Errors
Class Code Description
TppCertificateInvalid 400 Invalid certificate or given certificate doesn’t have permissions in country_code.
Details are stored in error_message.
MciSignatureInvalid 400 Given signature is invalid or malformed.
RequestFormatInvalid 400 Request format is wrong. Details are stored in error_message.

Callback with accessToken

Once a user approves the data sharing request through Zumo App, the accessToken is sent to the tppWebhookUrl TPP has provided in the initial authentication request. Access token is valid for 90 days.

Request

POST https://tppWebhookUrl

Example of parameters

{"mciAuthId":"4f168760-20e6-4d6b-9ab5-ee9e34054fd5","accessToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0b3B0YWwuY29tIiwiZXhwIjoxNDI2NDIwODAwLCJodHRwOi8vdG9wdGFsLmNvbS9qd3RfY2xhaW1zL2lzX2FkbWluIjp0cnVlLCJjb21wYW55IjoiVG9wdGFsIiwiYXdlc29tZSI6dHJ1ZX0.yRQYnWzskCZUxPwaQupWkiUzKELZ49eM7oWxAQK_ZXw","expiresIn":"1595846319"}
Headers
Header Type Description
Content-Type string, required The media type of the body of the request. Accepted values: application/json
Parameters
mciAuthId
string, required
Same session id as retrieved on authentication request.
accessToken
string, required
User access token valid for 90 days.
expiresIn
string, required
Expiration timestamp in seconds.
Response

TPP service should respond with HTPP code 204 and empty body.


KYC

Retrieves the KYC data of the PSU.

Request

GET https://mci-zumo.saltedge.com/open-banking/mci/tpp/user

CURL

curl -i  \ 
 -H "TPP-Signature-Certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVBakNDQXVvQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd1d6RVhNQlVHQTFVRVlRd09WSEJ3VTJGc2RGUmwKYzNRd01EQXhJREFlQmdOVkJBTU1GMk5sY25SVFNVZE9VMEZNVkZSRlUxUWdWMlZpSUVOQk1SRXdEd1lEVlFRSwpEQWhUWVd4MFZHVnpkREVMTUFrR0ExVUVCaE1DVWs4d0hoY05NVGt4TWpFNE1URXlOVFU1V2hjTk1qRXhNakUzCk1URXlOVFU1V2pDQmpURVdNQlFHQTFVRUF3d05jMkZzZEMxMFpYTjBMbU52YlRFUk1BOEdBMVVFQ2d3SVUyRnMKZEZSbGMzUXhDekFKQmdOVkJBWVRBbEpQTVJJd0VBWURWUVFJREFsQ2RXTjFjbVZ6ZEdreEVqQVFCZ05WQkFjTQpDVUoxWTNWeVpYTjBhVEVXTUJRR0ExVUVDUXdOUVd4aVlTQkpkV3hwWVNBM05URVRNQkVHQTFVRVlRd0thV1JsCmJuUnBabWxsY2pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS2dXNEo5K0hGY0wKUVVwTEk0c1pCSm5RaGdRYUpYRGxwVDI4NWxlOGVEcTdUalpnYXpLcU05RkJydzRBRURxUmxYR3Znd2luSkY2Mgowd3VJcSs3cGpPWFBQdytZOVhRQnBTa2p1cmJ5aEpPZjhiNlVqTFBMQnVBd09rRk52N0prbHdLeXFmazRHRzROCmdrOGRVYTFjS05MY1gzNzdwdno0Q0hZalBraGlLY0xqQVJ4TFRJYkdtejlZQVQvQWszbDdCRkRkV2owQnJrR2oKV2RGelJWV3FjdHA0NjVvWEZXZTZ3QmlybEplK1JEZ2hnQWRUQWlQR1J3WHV4dmRiSW5SOHZ2b0RJNTJHRXVzaApGWUNZd28zdWFVSVR5Z3hOZEJyWjVOaVpLaCtybjVVNW4zM0pETm9OV2hCVUUwMUwvaFYzUHlleHBKVHltaURQCjZTUFJKM0ZMR3RrQ0F3RUFBYU9Cb2pDQm56QU1CZ05WSFJNRUJUQURBUUgvTUE0R0ExVWREd0VCL3dRRUF3SUIKQmpBZEJnTlZIUTRFRmdRVUtwUGZ5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dId1lEVlIwakJCZ3dGb0FVS3BQZgp5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dQd1lJS3dZQkJRVUhBUU1FTXd3eGRHVnpkRkJUVUY5QlNTNHVMbUZsCk9EVTBNalE1TFdaaVpEQXROREV4WmkxaU0ySXdMV0poWkRFNE5Ea3hNelptWmpBTkJna3Foa2lHOXcwQkFRc0YKQUFPQ0FRRUFacHEvdmF5T3ZSS3dKd1dPQnpTMzhoUHA4TjVnRTlqd2J6dkxCTUhvZERXZk11ZTA5SzFweUI3KwpQdU1rZjNOT0tVSERMWDhob0xiZ0dWVlY0S1lqRndGa203cWY0OTZNTWE0VnZBRWNPeUJkM0pGVWcyeGIxVlN4Cjk0OWVCaVdGcGtaSVNZZUNxNXJ4UWFNeHJJVm9OZjhaSjVOT2V3aU1DM0ZYM3duVGw2VG9yUW1lQUU5MnhuMEQKdnZ6ZUJ4YlFqdTdjQlh3SDFPaGdUamx0YTM1WE1ESjhXbGo4TWZRR0YvZThIZFIrS014WWU5SWNROHN1UjdBVQpGRGkyaUJsMlVQc3dCa0FqMHJRVlY2U2psNWdVSm95K0FJaGZBYXE2cUxSQnJ1NGJTbE44TnVpY2RTRkZ3eHZ1ClEwOVl1U3U3djQ2a1R3ZUxpNnZJZGQxaUxUc05Ndz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" \ 
 -H "TPP-Signature: eyJhbGciOiJSUzI1NiJ9.eyJrZXkiOiJ2YWx1ZSJ9.kcilNLO1WBTzgzD0Kjy499OzexTy_I0MBhs5W0sl1OdKNVY-9EnPIIi5pK4hF2ASWpERdW1uDk5v4QUbcvcZPVMzZklmyYOho-r9MTki-gnT6NJSp5dkgRATp9JjnlayJew3qCcx3rBAzA_c_qpJtKus1zh9YGOdi5ohMBKh76D0sD-qdJtvLOdfhdEWpXevj18x0i8nkxhulBR2QYjEv6bj8YnHhCJ-3IfsPtrB2Ltj_39Z0JQfeYsKLd9cJOwUfwIOsnUXugZL7JEL-n-phKTWCQFp0Otg_V56AprC5_-7rtFRymayupSnsRgAkxXpu0Q6mxIGZEp2ISjRrOcViQ" \ 
 -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0b3B0YWwuY29tIiwiZXhwIjoxNDI2NDIwODAwLCJodHRwOi8vdG9wdGFsLmNvbS9qd3RfY2xhaW1zL2lzX2FkbWluIjp0cnVlLCJjb21wYW55IjoiVG9wdGFsIiwiYXdlc29tZSI6dHJ1ZX0.yRQYnWzskCZUxPwaQupWkiUzKELZ49eM7oWxAQK_ZXw" \ 
 -H "Content-Type: application/json" \ 
 -X GET "https://mci-zumo.saltedge.com/open-banking/mci/tpp/user"

Example response body

{"firstName":"Testthreesevenfournew","middleName":"","lastName":"March","dateOfBirth":"1988-05-01","homeAddress":{"addressLine1":"Scotland Road","addressLine2":"","houseNumber":"1112","countryCode":"GB","postCode":"eh11ee","postTown":"Edinburgh"},"nationality":"","phone":"+447968312956"}
Headers
Header Type Description
TPP-Signature-Certificate string, required The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: TppCertificateInvalid
TPP-Signature string, required JSON Web Signature containing payload, signed using RS256 and application.private_key. Can raise: MciSignatureInvalid
Authorization string, required User access token retrieved in the callback.
Content-Type string, required The media type of the body of the request. Accepted values: application/json
TPP-Signature Payload
method
string, required
HTTP method. Allowed values: GET
url
string, required
The full called URL.
body
string, required
Raw POST data. In case it is not a POST request, the value will be “”.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors‘ table for other possibilities.


firstName
string, required
PSU first name.
middleName
string, required
PSU middle name.
lastName
string, required
PSU last name.
dateOfBirth
string, required
PSU date of birth in YYYY-MM-DD format.
Related Errors
Class Code Description
TppCertificateInvalid 400 Invalid certificate or given certificate doesn’t have permissions in country_code.
Details are stored in error_message.
MciSignatureInvalid 400 Given signature is invalid or malformed.

Accounts

Retrieves account information data of a PSU.

Request

GET https://mci-zumo.saltedge.com/open-banking/mci/tpp/accounts

CURL

curl -i  \ 
 -H "TPP-Signature-Certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVBakNDQXVvQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd1d6RVhNQlVHQTFVRVlRd09WSEJ3VTJGc2RGUmwKYzNRd01EQXhJREFlQmdOVkJBTU1GMk5sY25SVFNVZE9VMEZNVkZSRlUxUWdWMlZpSUVOQk1SRXdEd1lEVlFRSwpEQWhUWVd4MFZHVnpkREVMTUFrR0ExVUVCaE1DVWs4d0hoY05NVGt4TWpFNE1URXlOVFU1V2hjTk1qRXhNakUzCk1URXlOVFU1V2pDQmpURVdNQlFHQTFVRUF3d05jMkZzZEMxMFpYTjBMbU52YlRFUk1BOEdBMVVFQ2d3SVUyRnMKZEZSbGMzUXhDekFKQmdOVkJBWVRBbEpQTVJJd0VBWURWUVFJREFsQ2RXTjFjbVZ6ZEdreEVqQVFCZ05WQkFjTQpDVUoxWTNWeVpYTjBhVEVXTUJRR0ExVUVDUXdOUVd4aVlTQkpkV3hwWVNBM05URVRNQkVHQTFVRVlRd0thV1JsCmJuUnBabWxsY2pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS2dXNEo5K0hGY0wKUVVwTEk0c1pCSm5RaGdRYUpYRGxwVDI4NWxlOGVEcTdUalpnYXpLcU05RkJydzRBRURxUmxYR3Znd2luSkY2Mgowd3VJcSs3cGpPWFBQdytZOVhRQnBTa2p1cmJ5aEpPZjhiNlVqTFBMQnVBd09rRk52N0prbHdLeXFmazRHRzROCmdrOGRVYTFjS05MY1gzNzdwdno0Q0hZalBraGlLY0xqQVJ4TFRJYkdtejlZQVQvQWszbDdCRkRkV2owQnJrR2oKV2RGelJWV3FjdHA0NjVvWEZXZTZ3QmlybEplK1JEZ2hnQWRUQWlQR1J3WHV4dmRiSW5SOHZ2b0RJNTJHRXVzaApGWUNZd28zdWFVSVR5Z3hOZEJyWjVOaVpLaCtybjVVNW4zM0pETm9OV2hCVUUwMUwvaFYzUHlleHBKVHltaURQCjZTUFJKM0ZMR3RrQ0F3RUFBYU9Cb2pDQm56QU1CZ05WSFJNRUJUQURBUUgvTUE0R0ExVWREd0VCL3dRRUF3SUIKQmpBZEJnTlZIUTRFRmdRVUtwUGZ5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dId1lEVlIwakJCZ3dGb0FVS3BQZgp5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dQd1lJS3dZQkJRVUhBUU1FTXd3eGRHVnpkRkJUVUY5QlNTNHVMbUZsCk9EVTBNalE1TFdaaVpEQXROREV4WmkxaU0ySXdMV0poWkRFNE5Ea3hNelptWmpBTkJna3Foa2lHOXcwQkFRc0YKQUFPQ0FRRUFacHEvdmF5T3ZSS3dKd1dPQnpTMzhoUHA4TjVnRTlqd2J6dkxCTUhvZERXZk11ZTA5SzFweUI3KwpQdU1rZjNOT0tVSERMWDhob0xiZ0dWVlY0S1lqRndGa203cWY0OTZNTWE0VnZBRWNPeUJkM0pGVWcyeGIxVlN4Cjk0OWVCaVdGcGtaSVNZZUNxNXJ4UWFNeHJJVm9OZjhaSjVOT2V3aU1DM0ZYM3duVGw2VG9yUW1lQUU5MnhuMEQKdnZ6ZUJ4YlFqdTdjQlh3SDFPaGdUamx0YTM1WE1ESjhXbGo4TWZRR0YvZThIZFIrS014WWU5SWNROHN1UjdBVQpGRGkyaUJsMlVQc3dCa0FqMHJRVlY2U2psNWdVSm95K0FJaGZBYXE2cUxSQnJ1NGJTbE44TnVpY2RTRkZ3eHZ1ClEwOVl1U3U3djQ2a1R3ZUxpNnZJZGQxaUxUc05Ndz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" \ 
 -H "TPP-Signature: eyJhbGciOiJSUzI1NiJ9.eyJrZXkiOiJ2YWx1ZSJ9.kcilNLO1WBTzgzD0Kjy499OzexTy_I0MBhs5W0sl1OdKNVY-9EnPIIi5pK4hF2ASWpERdW1uDk5v4QUbcvcZPVMzZklmyYOho-r9MTki-gnT6NJSp5dkgRATp9JjnlayJew3qCcx3rBAzA_c_qpJtKus1zh9YGOdi5ohMBKh76D0sD-qdJtvLOdfhdEWpXevj18x0i8nkxhulBR2QYjEv6bj8YnHhCJ-3IfsPtrB2Ltj_39Z0JQfeYsKLd9cJOwUfwIOsnUXugZL7JEL-n-phKTWCQFp0Otg_V56AprC5_-7rtFRymayupSnsRgAkxXpu0Q6mxIGZEp2ISjRrOcViQ" \ 
 -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0b3B0YWwuY29tIiwiZXhwIjoxNDI2NDIwODAwLCJodHRwOi8vdG9wdGFsLmNvbS9qd3RfY2xhaW1zL2lzX2FkbWluIjp0cnVlLCJjb21wYW55IjoiVG9wdGFsIiwiYXdlc29tZSI6dHJ1ZX0.yRQYnWzskCZUxPwaQupWkiUzKELZ49eM7oWxAQK_ZXw" \ 
 -H "Content-Type: application/json" \ 
 -X GET "https://mci-zumo.saltedge.com/open-banking/mci/tpp/accounts"

Example response body

{"zumo_id":"22139fde-cb06-4ec0-ad9e-bf5a9dbdd43e","created_at":1614691442,"updated_at":1614691442,"network":"MAINNET","currency_code":"GBP","type":"fiat","status":"active","balance_updated_at":null,"balance":"0","account_number":"70403603","sort_code":"000000","bic":null,"iban":null,"fiat_type":"SCAN"}
Headers
Header Type Description
TPP-Signature-Certificate string, required The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: TppCertificateInvalid
TPP-Signature string, required JSON Web Signature containing payload, signed using RS256 and application.private_key. Can raise: MciSignatureInvalid
Authorization string, required User access token retrieved in the callback.
Content-Type string, required The media type of the body of the request. Accepted values: application/json
TPP-Signature Payload
method
string, required
HTTP method. Allowed values: GET
url
string, required
The full called URL.
body
string, required
Raw POST data. In case it is not a POST request, the value will be “”.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors‘ table for other possibilities.


zumo_id
string, required
ID of Zumo account.
created_at
string, required
Timestamp of account creation date.
updated_at
string, required
Timestamp of account last update.
network
string, required
Constant variable always returned as ‘MAINNET’.
currency_code
string, required
Currency code.
type
string, required
Currency type.
status
string, required
Account status.
balance_updated_at
string, required
Timestamp of last balance update.
balance
string, required
Balance amount.
account_number
string, required
Account number.
sort_code
string, required
Sort code.
bic
string, required
Bank Identifier Code.
iban
string, required
Account IBAN identifier.
fiat_type
string, required
Fiat type.
Related Errors
Class Code Description
TppCertificateInvalid 400 Invalid certificate or given certificate doesn’t have permissions in country_code.
Details are stored in error_message.
MciSignatureInvalid 400 Given signature is invalid or malformed.

Transactions

Retrieves the list of transactions of a PSU.

Request

GET https://mci-zumo.saltedge.com/open-banking/mci/tpp/transactions

CURL

curl -i  \ 
 -H "TPP-Signature-Certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVBakNDQXVvQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd1d6RVhNQlVHQTFVRVlRd09WSEJ3VTJGc2RGUmwKYzNRd01EQXhJREFlQmdOVkJBTU1GMk5sY25SVFNVZE9VMEZNVkZSRlUxUWdWMlZpSUVOQk1SRXdEd1lEVlFRSwpEQWhUWVd4MFZHVnpkREVMTUFrR0ExVUVCaE1DVWs4d0hoY05NVGt4TWpFNE1URXlOVFU1V2hjTk1qRXhNakUzCk1URXlOVFU1V2pDQmpURVdNQlFHQTFVRUF3d05jMkZzZEMxMFpYTjBMbU52YlRFUk1BOEdBMVVFQ2d3SVUyRnMKZEZSbGMzUXhDekFKQmdOVkJBWVRBbEpQTVJJd0VBWURWUVFJREFsQ2RXTjFjbVZ6ZEdreEVqQVFCZ05WQkFjTQpDVUoxWTNWeVpYTjBhVEVXTUJRR0ExVUVDUXdOUVd4aVlTQkpkV3hwWVNBM05URVRNQkVHQTFVRVlRd0thV1JsCmJuUnBabWxsY2pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS2dXNEo5K0hGY0wKUVVwTEk0c1pCSm5RaGdRYUpYRGxwVDI4NWxlOGVEcTdUalpnYXpLcU05RkJydzRBRURxUmxYR3Znd2luSkY2Mgowd3VJcSs3cGpPWFBQdytZOVhRQnBTa2p1cmJ5aEpPZjhiNlVqTFBMQnVBd09rRk52N0prbHdLeXFmazRHRzROCmdrOGRVYTFjS05MY1gzNzdwdno0Q0hZalBraGlLY0xqQVJ4TFRJYkdtejlZQVQvQWszbDdCRkRkV2owQnJrR2oKV2RGelJWV3FjdHA0NjVvWEZXZTZ3QmlybEplK1JEZ2hnQWRUQWlQR1J3WHV4dmRiSW5SOHZ2b0RJNTJHRXVzaApGWUNZd28zdWFVSVR5Z3hOZEJyWjVOaVpLaCtybjVVNW4zM0pETm9OV2hCVUUwMUwvaFYzUHlleHBKVHltaURQCjZTUFJKM0ZMR3RrQ0F3RUFBYU9Cb2pDQm56QU1CZ05WSFJNRUJUQURBUUgvTUE0R0ExVWREd0VCL3dRRUF3SUIKQmpBZEJnTlZIUTRFRmdRVUtwUGZ5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dId1lEVlIwakJCZ3dGb0FVS3BQZgp5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dQd1lJS3dZQkJRVUhBUU1FTXd3eGRHVnpkRkJUVUY5QlNTNHVMbUZsCk9EVTBNalE1TFdaaVpEQXROREV4WmkxaU0ySXdMV0poWkRFNE5Ea3hNelptWmpBTkJna3Foa2lHOXcwQkFRc0YKQUFPQ0FRRUFacHEvdmF5T3ZSS3dKd1dPQnpTMzhoUHA4TjVnRTlqd2J6dkxCTUhvZERXZk11ZTA5SzFweUI3KwpQdU1rZjNOT0tVSERMWDhob0xiZ0dWVlY0S1lqRndGa203cWY0OTZNTWE0VnZBRWNPeUJkM0pGVWcyeGIxVlN4Cjk0OWVCaVdGcGtaSVNZZUNxNXJ4UWFNeHJJVm9OZjhaSjVOT2V3aU1DM0ZYM3duVGw2VG9yUW1lQUU5MnhuMEQKdnZ6ZUJ4YlFqdTdjQlh3SDFPaGdUamx0YTM1WE1ESjhXbGo4TWZRR0YvZThIZFIrS014WWU5SWNROHN1UjdBVQpGRGkyaUJsMlVQc3dCa0FqMHJRVlY2U2psNWdVSm95K0FJaGZBYXE2cUxSQnJ1NGJTbE44TnVpY2RTRkZ3eHZ1ClEwOVl1U3U3djQ2a1R3ZUxpNnZJZGQxaUxUc05Ndz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" \ 
 -H "TPP-Signature: eyJhbGciOiJSUzI1NiJ9.eyJrZXkiOiJ2YWx1ZSJ9.kcilNLO1WBTzgzD0Kjy499OzexTy_I0MBhs5W0sl1OdKNVY-9EnPIIi5pK4hF2ASWpERdW1uDk5v4QUbcvcZPVMzZklmyYOho-r9MTki-gnT6NJSp5dkgRATp9JjnlayJew3qCcx3rBAzA_c_qpJtKus1zh9YGOdi5ohMBKh76D0sD-qdJtvLOdfhdEWpXevj18x0i8nkxhulBR2QYjEv6bj8YnHhCJ-3IfsPtrB2Ltj_39Z0JQfeYsKLd9cJOwUfwIOsnUXugZL7JEL-n-phKTWCQFp0Otg_V56AprC5_-7rtFRymayupSnsRgAkxXpu0Q6mxIGZEp2ISjRrOcViQ" \ 
 -H "Content-Type: application/json" \ 
 -X GET "https://mci-zumo.saltedge.com/open-banking/mci/tpp/transactions"

Example response body

{"id":"7af63326-3034-4d55-957c-50b58deb0fdc","status":"rejected","value":"100","submitted_at":1595840852,"confirmed_at":null,"created_at":1595840853,"updated_at":1595840853,"network":"TESTNET","type":"nominated","currency_code":"GBP","from_zumo_account_id":null,"to_zumo_account_id":"cfddeaad-bd3f-442d-95d6-ed5aad5793a9","from_zumo_user_id":null,"to_zumo_user_id":"f453d030-834b-459d-9a04-8eed2d34ad2c","nonce":"c3d2bcef-d504-42fe-8440-82f290e464fc","fiat_details":{"from_account_number":"70237642","from_sort_code":"000000","from_bic":null,"from_iban":null,"to_account_number":"70243256","to_sort_code":"000000","to_bic":null,"to_iban":null,"reference":"Test","created_at":1595840853,"updated_at":1595840853}}
Headers
Header Type Description
TPP-Signature-Certificate string, required The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: TppCertificateInvalid
TPP-Signature string, required JSON Web Signature containing payload, signed using RS256 and application.private_key. Can raise: MciSignatureInvalid
Authorization string, required User access token retrieved in the callback.
Content-Type string, required The media type of the body of the request. Accepted values: application/json
TPP-Signature Payload
method
string, required
HTTP method. Allowed values: GET
url
string, required
The full called URL.
body
string, required
Raw POST data. In case it is not a POST request, the value will be “”.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors‘ table for other possibilities.


id
string, required
Transaction ID.
status
string, required
Transaction status.
value
string, required
Transaction amount.
submitted_at
string, required
Timestamp of transaction submission.
confirmed_at
string, required
Timestamp of transaction confirmation.
created_at
string, required
Timestamp of transaction creation.
updated_at
string, required
Timestamp of transaction update.
network
string, required
Constant variable always returned as ‘MAINNET’.
type
string, required
Transaction type.
currency_code
string, required
Currency code.
from_zumo_account_id
string, required
Debtor Zumo account ID.
to_zumo_account_id
string, required
Creditor Zumo account ID.
from_zumo_user_id
string, required
Debtor Zumo identifier.
to_zumo_user_id
string, required
Creditor Zumo identifier.
nonce
string, required
Unique identifier created on client side when a new transaction is initiated.
Related Errors
Class Code Description
TppCertificateInvalid 400 Invalid certificate or given certificate doesn’t have permissions in country_code.
Details are stored in error_message.
MciSignatureInvalid 400 Given signature is invalid or malformed.