Create

The API allows the TPP to ask an ASPSP to create a new account-access-consent resource.

CURL

curl -i  \ 
 -H "Authorization: Bearer Az90SAOJklae" \ 
 -H "x-fapi-interaction-id: some-uuid" \ 
 -H "Content-Type: application/json" \ 
 -d 'eyJhbGciOiJQUzI1NiIsImtpZCI6InRlc3QifQ.eyJEYXRhIjp7IlBlcm1pc3Npb25zIjpbIlJlYWRBY2NvdW50c0Jhc2ljIiwiUmVhZEFjY291bnRzRGV0YWlsIiwiUmVhZEJhbGFuY2VzIiwiUmVhZEJlbmVmaWNpYXJpZXNEZXRhaWwiLCJSZWFkVHJhbnNhY3Rpb25zQmFzaWMiLCJSZWFkVHJhbnNhY3Rpb25zQ3JlZGl0cyIsIlJlYWRUcmFuc2FjdGlvbnNEZWJpdHMiLCJSZWFkVHJhbnNhY3Rpb25zRGV0YWlsIiwiUmVhZE9mZmVycyIsIlJlYWRQQU4iLCJSZWFkUGFydHkiLCJSZWFkUGFydHlQU1UiLCJSZWFkUHJvZHVjdHMiLCJSZWFkU3RhbmRpbmdPcmRlcnNEZXRhaWwiLCJSZWFkU2NoZWR1bGVkUGF5bWVudHNEZXRhaWwiLCJSZWFkU3RhdGVtZW50c0RldGFpbCIsIlJlYWREaXJlY3REZWJpdHMiXSwiRXhwaXJhdGlvbkRhdGVUaW1lIjoiMjAxNy0wNS0wMlQwMDowMDowMCswMDowMCIsIlRyYW5zYWN0aW9uRnJvbURhdGVUaW1lIjoiMjAxNy0wNS0wM1QwMDowMDowMCswMDowMCIsIlRyYW5zYWN0aW9uVG9EYXRlVGltZSI6IjIwMTctMTItMDNUMDA6MDA6MDArMDA6MDAifSwiUmlzayI6e319.jQ-xIqFFYVdGGYBRiNp7XdFTrPo88190Lb2GlAENfNM-bD9qNj0nHjiuwR7jFLUkhGtHY01WhrplYoBeDO715_-4d9hsept5YufEwoYOdPuu1_cMCR06UcdNYYxnbl5sawIFlgEULi3d1Rw9l3QoEOTvVzHvwun4suGKWBTT0H_TQ0sHHv9jg7dJTGT1u9TTdqGH_uywKFTL2MbHdFjwbUlYgYWovAHIudGC8IgzQJsFuk_8KuXm8KYuHFWNjHk6VH9C2yw-g6o-ANxI3Q3PSftTY2aXsrQ2X-JzaW-gWcuCRg6ATVLE8_L7pPbsxkH8CBWTDxoWgJ29ido_l82yCQ' \ 
-X POST "/api/:provider_code/open-banking/v3.1/aisp/account-access-consents"

Example of request

{"Data":{"Permissions":["ReadAccountsBasic","ReadAccountsDetail","ReadBalances","ReadBeneficiariesDetail","ReadTransactionsBasic","ReadTransactionsCredits","ReadTransactionsDebits","ReadTransactionsDetail","ReadOffers","ReadPAN","ReadParty","ReadPartyPSU","ReadProducts","ReadStandingOrdersDetail","ReadScheduledPaymentsDetail","ReadStatementsDetail","ReadDirectDebits"],"ExpirationDateTime":"2017-05-02T00:00:00+00:00","TransactionFromDateTime":"2017-05-03T00:00:00+00:00","TransactionToDateTime":"2017-12-03T00:00:00+00:00"},"Risk":{}}

Example of response

{"Data":{"ConsentId":"urn-alphabank-intent-88379","Status":"AwaitingAuthorisation","StatusUpdateDateTime":"2017-05-02T00:00:00+00:00","CreationDateTime":"2017-05-02T00:00:00+00:00","Permissions":["ReadAccountsBasic","ReadAccountsDetail","ReadBalances","ReadBeneficiariesDetail","ReadTransactionsBasic","ReadTransactionsCredits","ReadTransactionsDebits","ReadTransactionsDetail","ReadOffers","ReadPAN","ReadParty","ReadPartyPSU","ReadProducts","ReadStandingOrdersDetail","ReadScheduledPaymentsDetail","ReadStatementsDetail","ReadDirectDebits"],"ExpirationDateTime":"2017-08-02T00:00:00+00:00","TransactionFromDateTime":"2017-05-03T00:00:00+00:00","TransactionToDateTime":"2017-12-03T00:00:00+00:00"},"Risk":{},"Links":{"Self":"https://api.alphabank.com/open-banking/v3.1/aisp/account-access-consents/urn-alphabank-intent-88379"},"Meta":{"TotalPages":1}}
Request

POST /api/:provider_code/open-banking/v3.1/aisp/account-access-consents

Headers
Header Type Description
Content-Type string, optional The media type of the body of the request. Default value: application/json
x-fapi-interaction-id string, optional An RFC4122 UID used as a correlation Id.
Authorization string, required Standard HTTP Header; Allows Credentials to be provided to the Authorisation / Resource Server depending on the type of resource being requested. For OAuth 2.0 / OIDC, this comprises of either the Basic / Bearer Authentication Schemes. Can raise: HeaderMissing, HeaderInvalid, ResourceNotFound, Forbidden
Idempotency-Key string, optional Unique uuid used to recognize subsequent retries of the same request valid for 24 hours. Allowed length: max: 40 characters
Request parameters
provider_code (path)
string, required
Human readable Provider identifier. Can raise: FieldInvalid, ResourceNotFound
Risk
hash, optional
The Risk section is sent by the initiating party to the ASPSP. It is used to specify additional details for risk scoring for Account Info.
Response headers
Header Type Description
Content-Type string, required The media type of the body of the request.
x-fapi-interaction-id string, required An RFC4122 UID used as a correlation Id. If provided, the ASPSP must "play back" this value in the x-fapi-interaction-id response header.
Retry-After integer, optional Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Risk
hash, required
The Risk section is sent by the initiating party to the ASPSP. It is used to specify additional details for risk scoring for Account Info.
Related Errors
Class Code Description
FieldInvalid 400 An invalid value is supplied in the field. More details in error_message.
ResourceNotFound 400 Specified resource doesn't exist.
FieldInvalidDate 400 An invalid date is supplied.
ResourceInvalidFormat 400 Payload schema does not match to the endpoint.
HeaderMissing 400 A required HTTP header has not been provided.
HeaderInvalid 400 An invalid value is supplied in the HTTP header.
Forbidden 403 Action is forbidden. More details in error_message.

Show

A TPP may optionally retrieve an account-access-consent resource that they have created to check its status. Prior to calling the API, the TPP must have an access token issued by the ASPSP using a client credentials grant.

CURL

curl -i  \ 
 -H "Authorization: Bearer Az90SAOJklae" \ 
 -H "x-fapi-interaction-id: some-uuid" \ 
 -H "Content-Type: application/json" \ 
 -d 'eyJhbGciOiJQUzI1NiIsImtpZCI6InRlc3QifQ.e30.KAoP8iASiQN5pJdNcohVSqrBhG0RWPCB-d0L8ls4wiQsyGIseowJVT0_f842yYRRA1QWTUinq8euzzOmOIJAjBbvU3jJkRZgIF2XYd-IR--Ppc0Z0zNxxHs-sGxtjQg32ZOI8nuGBkj4Cg2xU_te0xPpzw7cKWztggsz4Nqr1olRjUzvgLr-G9_cSxSDu2U_KXUgLMVFgkJ5njCt6TScxTcmJ_DIMnPE979T8IoKgf7kxHmZ9C7qD2w9MmuVDJlDDGLDNVYICli2ec6n_10wf1dKx4mUE6yU97OIEONV_v57KgML8-qPueWlo-TrLnonZlkAEreSgt8Se3IEj1ZJsg' \ 
-X GET "/api/:provider_code/open-banking/v3.1/aisp/account-access-consents/:consent_id"

Example of response

{"Data":{"ConsentId":"urn-alphabank-intent-88379","Status":"AwaitingAuthorisation","StatusUpdateDateTime":"2017-05-02T00:00:00+00:00","CreationDateTime":"2017-05-02T00:00:00+00:00","Permissions":["ReadAccountsBasic","ReadAccountsDetail","ReadBalances","ReadBeneficiariesDetail","ReadTransactionsBasic","ReadTransactionsCredits","ReadTransactionsDebits","ReadTransactionsDetail","ReadOffers","ReadPAN","ReadParty","ReadPartyPSU","ReadProducts","ReadStandingOrdersDetail","ReadScheduledPaymentsDetail","ReadStatementsDetail","ReadDirectDebits"],"ExpirationDateTime":"2017-08-02T00:00:00+00:00","TransactionFromDateTime":"2017-05-03T00:00:00+00:00","TransactionToDateTime":"2017-12-03T00:00:00+00:00"},"Risk":{},"Links":{"Self":"https://api.alphabank.com/open-banking/v3.1/aisp/account-access-consents/urn-alphabank-intent-88379"},"Meta":{"TotalPages":1}}
Request

GET /api/:provider_code/open-banking/v3.1/aisp/account-access-consents/:consent_id

Headers
Header Type Description
Content-Type string, optional The media type of the body of the request. Default value: application/json
x-fapi-interaction-id string, optional An RFC4122 UID used as a correlation Id.
Authorization string, required Standard HTTP Header; Allows Credentials to be provided to the Authorisation / Resource Server depending on the type of resource being requested. For OAuth 2.0 / OIDC, this comprises of either the Basic / Bearer Authentication Schemes. Can raise: HeaderMissing, HeaderInvalid, ResourceNotFound, Forbidden
Request parameters
provider_code (path)
string, required
Human readable Provider identifier. Can raise: FieldInvalid, ResourceNotFound
consent_id (path)
string, required
Unique identification as assigned to identify the account access consent resource. Can raise: FieldInvalid, ResourceNotFound
Response headers
Header Type Description
Content-Type string, required The media type of the body of the request.
x-fapi-interaction-id string, required An RFC4122 UID used as a correlation Id. If provided, the ASPSP must "play back" this value in the x-fapi-interaction-id response header.
Retry-After integer, optional Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Risk
hash, required
The Risk section is sent by the initiating party to the ASPSP. It is used to specify additional details for risk scoring for Account Info.
Related Errors
Class Code Description
FieldInvalid 400 An invalid value is supplied in the field. More details in error_message.
ResourceNotFound 400 Specified resource doesn't exist.
HeaderMissing 400 A required HTTP header has not been provided.
HeaderInvalid 400 An invalid value is supplied in the HTTP header.
Forbidden 403 Action is forbidden. More details in error_message.

Destroy

If the PSU revokes consent to data access with the TPP, the TPP must delete the account-access-consent resource with the ASPSP as soon as is practically possible.

CURL

curl -i  \ 
 -H "Authorization: Bearer Az90SAOJklae" \ 
 -H "x-fapi-interaction-id: some-uuid" \ 
 -H "Content-Type: application/json" \ 
 -d 'eyJhbGciOiJQUzI1NiIsImtpZCI6InRlc3QifQ.e30.vaRL0VLotAMTzJSbERUsOx8Lcyt2Ubw15LxwLgsQGCg2_xnVLs7jYCHRm_o1KKws6Lmiyh_6-fdjh9Y1g0-UOKpn3E9FFVkTjzWHpeMmSUNzJ7gsCZ0sz-EbWwcvjU-C9EC2NY1rzjV9QYo4cbg6MYde4XrwH-1xXp9g3lY5-eYaphfhRj8j4hl6zNaY5uxrLwu-7uTLKpKyuH50pHP_vgr6Iv4kSBo64c9ipAnSIZzwsjZaXNQ4G16reTJqIaJH_EltW_D1QtvltbNU9J7tdDct1nCXUIWekYc9vEXp-wkRpeyQcdU4_S9mTPjUrDTQmrvAt2dcq-K5A_vMEC5GSg' \ 
-X DELETE "/api/:provider_code/open-banking/v3.1/aisp/account-access-consents/:consent_id"
Request

DELETE /api/:provider_code/open-banking/v3.1/aisp/account-access-consents/:consent_id

Headers
Header Type Description
Content-Type string, optional The media type of the body of the request. Default value: application/json
x-fapi-interaction-id string, optional An RFC4122 UID used as a correlation Id.
Authorization string, required Standard HTTP Header; Allows Credentials to be provided to the Authorisation / Resource Server depending on the type of resource being requested. For OAuth 2.0 / OIDC, this comprises of either the Basic / Bearer Authentication Schemes. Can raise: HeaderMissing, HeaderInvalid, ResourceNotFound, Forbidden
Request parameters
provider_code (path)
string, required
Human readable Provider identifier. Can raise: FieldInvalid, ResourceNotFound
consent_id (path)
string, required
Unique identification as assigned to identify the account access consent resource. Can raise: FieldInvalid, ResourceNotFound, Unauthorized, ResourceInvalidConsentStatus
Response headers
Header Type Description
Content-Type string, required The media type of the body of the request.
x-fapi-interaction-id string, required An RFC4122 UID used as a correlation Id. If provided, the ASPSP must "play back" this value in the x-fapi-interaction-id response header.
Retry-After integer, optional Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Related Errors
Class Code Description
FieldInvalid 400 An invalid value is supplied in the field. More details in error_message.
ResourceNotFound 400 Specified resource doesn't exist.
ResourceInvalidConsentStatus 400 The action can't be performed with current status of consent.
HeaderMissing 400 A required HTTP header has not been provided.
HeaderInvalid 400 An invalid value is supplied in the HTTP header.
Unauthorized 401 Unauthorized access.
Forbidden 403 Action is forbidden. More details in error_message.

Refresh

A lot of ASPSP's can not return imediately all AIS information. Call the POST /refresh endpoint before GET /accounts .
TPP should await success or fail final status. TPP may retrieve status by calling GET /refresh_status.

CURL

curl -i  \ 
 -H "Authorization: Bearer Az90SAOJklae" \ 
 -H "x-fapi-interaction-id: some-uuid" \ 
 -H "Content-Type: application/json" \ 
 -d 'eyJhbGciOiJQUzI1NiIsImtpZCI6InRlc3QifQ.eyJEYXRhIjp7IkluaXRpYXRlZEJ5Q3VzdG9tZXIiOnRydWV9fQ.FQ_ZF68y8_XqX5_sAaQdd-TWWBkhMGRcv2kEY3JuaxTA0tOfgGhrWvqI6yVe8KzfBnQqbmV1uRgSc58_LMS-ALQGKRZpIpodIIauQdOLXFXRBdgJ6Tvmp7LOjB0XjnLQE25SujsCDsXkbVdm3noQiCzE-uchXuLrwaHmowM6HRneOab4L8PfhmEPwYs3-gZ1aGl0Lr5g390ulFmEwGFJklHCnukAQZtfZB8ndugNZdtsSSVTyXaVrGSi5ETFsDk4L01pmmw4PEhWHJM8xoOlECEtFTvxLS1VkvUZvn2t-0k54YwYkLbllaNXpMrRA8l2YsByG2ngT_XcJuh3EdY5cA' \ 
-X POST "/api/:provider_code/open-banking/v3.1/aisp/accounts/refresh"

Example of request

{"Data":{"InitiatedByCustomer":true}}

Example of response

{"Data":{"Status":"Processing"},"Links":{"Self":"https://api.alphabank.com/open-banking/v3.1/aisp/accounts/refresh/status"},"Meta":{"TotalPages":1}}
Request

POST /api/:provider_code/open-banking/v3.1/aisp/accounts/refresh

Headers
Header Type Description
Content-Type string, optional The media type of the body of the request. Default value: application/json
x-fapi-interaction-id string, optional An RFC4122 UID used as a correlation Id.
Authorization string, required Standard HTTP Header; Allows Credentials to be provided to the Authorisation / Resource Server depending on the type of resource being requested. For OAuth 2.0 / OIDC, this comprises of either the Basic / Bearer Authentication Schemes. Can raise: HeaderMissing, HeaderInvalid, ResourceNotFound, Forbidden
Request parameters
provider_code (path)
string, required
Human readable Provider identifier. Can raise: FieldInvalid, ResourceNotFound, Unauthorized, ResourceInvalidConsentStatus, TooEarly
InitiatedByCustomer
boolean, optional
Defines whether the request was initiated by the user or by the AISP without user presence. AISPs can access the payment accounts information only a max of 4 times within 24 hours without the user presence, or whenever the payment service user is actively requesting such information. Default value: false Can raise: ActionNotAllowed, AccessExceeded, AccessExceeded
Response headers
Header Type Description
Content-Type string, required The media type of the body of the request.
x-fapi-interaction-id string, required An RFC4122 UID used as a correlation Id. If provided, the ASPSP must "play back" this value in the x-fapi-interaction-id response header.
Retry-After integer, optional Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Related Errors
Class Code Description
FieldInvalid 400 An invalid value is supplied in the field. More details in error_message.
ResourceNotFound 400 Specified resource doesn't exist.
ResourceInvalidConsentStatus 400 The action can't be performed with current status of consent.
HeaderMissing 400 A required HTTP header has not been provided.
HeaderInvalid 400 An invalid value is supplied in the HTTP header.
Unauthorized 401 Unauthorized access.
Forbidden 403 Action is forbidden. More details in error_message.
ActionNotAllowed 406 You're not allowed to perform this action. This might be a configuration problem or parameters incompatibility.
TooEarly 425 The service is not ready to process the request.
AccessExceeded 429 Exceeded the number of automatic requests for this action.
AccessExceeded 429 Exceeded the number of automatic requests for this action.

Status of Refresh

TPP can retrieve REFRESH process status by calling the GET /refresh_status endpoint.
TPP should await success final status before request AIS info (e.g. accounts, transactions, balances).

CURL

curl -i  \ 
 -H "Authorization: Bearer Az90SAOJklae" \ 
 -H "x-fapi-interaction-id: some-uuid" \ 
 -H "Content-Type: application/json" \ 
 -d 'eyJhbGciOiJQUzI1NiIsImtpZCI6InRlc3QifQ.e30.C8fvL0xXh3M68cDuL18R39gilE5FH8wssKUYOIOrsJ9wAk5nqXnR9NSoWNDQiYuvOd5MZDuG5bzPPTunERT6qj0MigmV5tLpVfSbSGInDE_R-E5BWF9BBxV7EWSbKGYE6TVubk_uUH5yy4Lo59pWdSRTRQkthND6QwK3mPjirxFQH75IuAl--ndvzNttTGpbTobMESe1TV9tCiG6CViwTbTY9e4BvZ3WMFkdLuLwiucvYcIcBkxA7WnMFThJnVquBl_CqDW5PP-eYTgSbKRJf0M2R0eLtEnkZRQJUI8cUX-cogHAR6vtDW-hSLMe87zJ-IWyTPloGRHzL98nITO3jw' \ 
-X GET "/api/:provider_code/open-banking/v3.1/aisp/accounts/refresh/status"

Example of response

{"Data":{"Status":"FetchingFinished"},"Links":{"Self":"https://api.alphabank.com/open-banking/v3.1/aisp/accounts/refresh/status"},"Meta":{"TotalPages":1}}
Request

GET /api/:provider_code/open-banking/v3.1/aisp/accounts/refresh/status

Headers
Header Type Description
Content-Type string, optional The media type of the body of the request. Default value: application/json
x-fapi-interaction-id string, optional An RFC4122 UID used as a correlation Id.
Authorization string, required Standard HTTP Header; Allows Credentials to be provided to the Authorisation / Resource Server depending on the type of resource being requested. For OAuth 2.0 / OIDC, this comprises of either the Basic / Bearer Authentication Schemes. Can raise: HeaderMissing, HeaderInvalid, ResourceNotFound, Forbidden
Request parameters
provider_code (path)
string, required
Human readable Provider identifier. Can raise: ResourceNotFound
Response headers
Header Type Description
Content-Type string, required The media type of the body of the request.
x-fapi-interaction-id string, required An RFC4122 UID used as a correlation Id. If provided, the ASPSP must "play back" this value in the x-fapi-interaction-id response header.
Retry-After integer, optional Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Related Errors
Class Code Description
ResourceNotFound 400 Specified resource doesn't exist.
HeaderMissing 400 A required HTTP header has not been provided.
HeaderInvalid 400 An invalid value is supplied in the HTTP header.
Forbidden 403 Action is forbidden. More details in error_message.

Index

The first step for a TPP after an account request is authorised - is to call the GET /accounts endpoint.
A TPP will be given the full list of accounts (the AccountId(s)) that the PSU has authorised the TPP to access. The AccountId(s) returned may then be used to retrieve other resources for a specific AccountId. The selection of authorised accounts happens only at the ASPSP's interface.

CURL

curl -i  \ 
 -H "Authorization: Bearer Az90SAOJklae" \ 
 -H "x-fapi-interaction-id: some-uuid" \ 
 -H "Content-Type: application/json" \ 
 -d 'eyJhbGciOiJQUzI1NiIsImtpZCI6InRlc3QifQ.e30.GoefoxHoXiQdXxLnG5LVCwYYj9CCdPks6cb86M3ToaFYu-julKGQg6sPACZrV9H1P62sIHIJj_a-HXZzBoH0qEg4D0bUT5zZH1TrDNMuiMc5Ub5TqQgKsHoeWoR1K94p2gJxnuunKEa7tn1mViflIiyLIo_mSAxI3vf5PQGUFCACUakIVoO9PqNrgTvDP09sljRqNgTpSBppGFU0WPtDeW4A73mBrmMNbfG47Nk8eFo2Kl7PrNB58XIgyz-pbNmaIzhhbdwODRzGQaSXMA1ttSocf376jQ-vmmyF4uv3inWqquafmwEGo_d7wGnpqlQwS1zcIiKJ_URfMDkIuUkbHg' \ 
-X GET "/api/:provider_code/open-banking/v3.1/aisp/accounts"

Example of response

{"Data":{"Account":[{"AccountId":"22289","Status":"Enabled","StatusUpdateDateTime":"2019-01-01T06:06:06+00:00","Currency":"GBP","AccountType":"Personal","AccountSubType":"CurrentAccount","Description":"Description of account","Nickname":"Bills","OpeningDate":"2019-01-01","MaturityDate":"2019-01-01","SwitchStatus":"processing","Account":[{"SchemeName":"UK.OBIE.SortCodeAccountNumber","Identification":"80200110203345","Name":"Mr Kevin","SecondaryIdentification":"00021"}],"Servicer":{"SchemeName":"UK.OBIE.BICFI","Identification":"80200110203345"}},{"AccountId":"31820","Status":"Enabled","StatusUpdateDateTime":"2018-01-01T06:06:06+00:00","Currency":"GBP","AccountType":"Personal","AccountSubType":"CurrentAccount","Nickname":"Household","Account":[{"SchemeName":"UK.OBIE.SortCodeAccountNumber","Identification":"80200110203348","Name":"Mr Kevin"}]}]},"Links":{"Self":"https://api.alphabank.com/open-banking/v3.1/aisp/accounts/"},"Meta":{"TotalPages":1}}
Request

GET /api/:provider_code/open-banking/v3.1/aisp/accounts

Headers
Header Type Description
Content-Type string, optional The media type of the body of the request. Default value: application/json
x-fapi-interaction-id string, optional An RFC4122 UID used as a correlation Id.
Authorization string, required Standard HTTP Header; Allows Credentials to be provided to the Authorisation / Resource Server depending on the type of resource being requested. For OAuth 2.0 / OIDC, this comprises of either the Basic / Bearer Authentication Schemes. Can raise: HeaderMissing, HeaderInvalid, ResourceNotFound, Forbidden
Request parameters
provider_code (path)
string, required
Human readable Provider identifier. Can raise: FieldInvalid, ResourceNotFound, Unauthorized, ResourceInvalidConsentStatus, TooEarly
Response headers
Header Type Description
Content-Type string, required The media type of the body of the request.
x-fapi-interaction-id string, required An RFC4122 UID used as a correlation Id. If provided, the ASPSP must "play back" this value in the x-fapi-interaction-id response header.
Retry-After integer, optional Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Related Errors
Class Code Description
FieldInvalid 400 An invalid value is supplied in the field. More details in error_message.
ResourceNotFound 400 Specified resource doesn't exist.
ResourceInvalidConsentStatus 400 The action can't be performed with current status of consent.
HeaderMissing 400 A required HTTP header has not been provided.
HeaderInvalid 400 An invalid value is supplied in the HTTP header.
Unauthorized 401 Unauthorized access.
Forbidden 403 Action is forbidden. More details in error_message.
TooEarly 425 The service is not ready to process the request.

Show

A TPP may retrieve the account information resources for the AccountId (which is retrieved in the call to GET /accounts).

CURL

curl -i  \ 
 -H "Authorization: Bearer Az90SAOJklae" \ 
 -H "x-fapi-interaction-id: some-uuid" \ 
 -H "Content-Type: application/json" \ 
 -d 'eyJhbGciOiJQUzI1NiIsImtpZCI6InRlc3QifQ.e30.vJQ2mtnGBazHft4VaThLjku1fNuu0EoI5GnRvuWSCPuievXUsL-XqtOrzqWzAjkN7H6FZZ0j6ZtOLWtoVdoukyTutazzCqyj3ATfPWrgJe5STJj7MJQdVvT_SnkjJQljIH8vUVxMylKaN2LWQQzyB-l5aQ12-3I1yQ3mPkOU-mXaly29T2Z5gErqR5ORPnhwUx6c3quaFwzS8Cgy4oh7rutuU9HhrpPBzG7uIFt11NuYzKrjO7y1Ls8e7J0pZg1ZMFu4Rla7btcCHFmisQP4CE7CJmk2bm06UFA4K1DrJcAWgMWCTh2Jy6smrXVj1yRW-gcXS_A9IZTDckKSV3DLDg' \ 
-X GET "/api/:provider_code/open-banking/v3.1/aisp/accounts/:account_id"

Example of response

{"Data":{"Account":[{"AccountId":"22289","Status":"Enabled","StatusUpdateDateTime":"2019-01-01T06:06:06+00:00","Currency":"GBP","AccountType":"Personal","AccountSubType":"CurrentAccount","Description":"Description of account","Nickname":"Bills","OpeningDate":"2019-01-01","MaturityDate":"2019-01-01","SwitchStatus":"processing","Account":[{"SchemeName":"UK.OBIE.SortCodeAccountNumber","Identification":"80200110203345","Name":"Mr Kevin","SecondaryIdentification":"00021"}],"Servicer":{"SchemeName":"UK.OBIE.BICFI","Identification":"80200110203345"}}]},"Links":{"Self":"https://api.alphabank.com/open-banking/v3.1/aisp/accounts/22289"},"Meta":{"TotalPages":1}}
Request

GET /api/:provider_code/open-banking/v3.1/aisp/accounts/:account_id

Headers
Header Type Description
Content-Type string, optional The media type of the body of the request. Default value: application/json
x-fapi-interaction-id string, optional An RFC4122 UID used as a correlation Id.
Authorization string, required Standard HTTP Header; Allows Credentials to be provided to the Authorisation / Resource Server depending on the type of resource being requested. For OAuth 2.0 / OIDC, this comprises of either the Basic / Bearer Authentication Schemes. Can raise: HeaderMissing, HeaderInvalid, ResourceNotFound, Forbidden
Request parameters
provider_code (path)
string, required
Human readable Provider identifier. Can raise: FieldInvalid, ResourceNotFound, Unauthorized, ResourceInvalidConsentStatus, TooEarly
account_id (path)
string, required
A unique and immutable identifier used to identify the account resource. This identifier has no meaning to the account owner. Can raise: ResourceNotFound
Response headers
Header Type Description
Content-Type string, required The media type of the body of the request.
x-fapi-interaction-id string, required An RFC4122 UID used as a correlation Id. If provided, the ASPSP must "play back" this value in the x-fapi-interaction-id response header.
Retry-After integer, optional Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Related Errors
Class Code Description
FieldInvalid 400 An invalid value is supplied in the field. More details in error_message.
ResourceNotFound 400 Specified resource doesn't exist.
ResourceInvalidConsentStatus 400 The action can't be performed with current status of consent.
HeaderMissing 400 A required HTTP header has not been provided.
HeaderInvalid 400 An invalid value is supplied in the HTTP header.
Unauthorized 401 Unauthorized access.
Forbidden 403 Action is forbidden. More details in error_message.
TooEarly 425 The service is not ready to process the request.

Transactions

An TPP may retrieve the transaction resource for a specific AccountId (which is retrieved in the call to GET /accounts).

CURL

curl -i  \ 
 -H "Authorization: Bearer Az90SAOJklae" \ 
 -H "x-fapi-interaction-id: some-uuid" \ 
 -H "Content-Type: application/json" \ 
 -d 'eyJhbGciOiJQUzI1NiIsImtpZCI6InRlc3QifQ.e30.oOG4XAuTlv0MC0XmU99CrhJXSP1ruUN0025KzXFr43oTYAk3u9OnGcVST7Wo_EG8S73BW43dZ2HT1wmVdsQsfd8BZu573lrVF2sotRsNjIrD4ZK4IMH7P-Fsw_FyAT7YlXOz0LrrFF7YGjFt04B5V3qc1q4KAVb7GJ4Xc3NUFB08NYpL9HJAsW3q4zMp7re6Qaw9EpzPtLwwfoJEPuB0g0Xc73o4FTnYDjtvCMerXkpzPoLXZ6k9zny0Oj7JHsS7YQ0a08bgW86vS9bZekvA2bEPdy8vmZ89xniTB0iyHvjw-vgwvyjLmSFOcV5oejzKUYXeSbhPXQBMS9r-Goqy-A' \ 
-X GET "/api/:provider_code/open-banking/v3.1/aisp/accounts/:account_id/transactions"

Example of response

{"Data":{"Transaction":[{"AccountId":"22289","TransactionId":"123","TransactionReference":"Ref 1","StatementReference":["some-ref"],"CreditDebitIndicator":"Credit","Status":"Booked","TransactionMutability":"Immutable","BookingDateTime":"2017-04-05T10:43:07+00:00","ValueDateTime":"2017-04-05T10:45:22+00:00","TransactionInformation":"Cash from Aubrey","Amount":{"Amount":"10.00","Currency":"GBP"},"ChargeAmount":{"Amount":"10.00","Currency":"GBP"},"CurrencyExchange":{"SourceCurrency":"EUR","TargetCurrency":"GBP","UnitCurrency":"GBP","ExchangeRate":"0.92","ContractIdentification":"some-identification","QuotationDate":"2017-04-05","InstructedAmount":{"Amount":"10.00","Currency":"GBP"}},"BankTransactionCode":{"Code":"ReceivedCreditTransfer","SubCode":"DomesticCreditTransfer"},"ProprietaryBankTransactionCode":{"Code":"Transfer","Issuer":"AlphaBank"},"Balance":{"Amount":{"Amount":"230.00","Currency":"GBP"},"Type":"InterimBooked","CreditDebitIndicator":"Credit"},"MerchantDetails":{"MerchantName":"Merchant name","MerchantCategoryCode":"some-code"},"CreditorAgent":{"SchemeName":"UK.OBIE.BICFI","Identification":"GB29NWBK60161331926819","Name":"Creditor Agent Name","PostalAddress":{"AddressType":"Address with house number and street","Department":"Prime Minister's Office","SubDepartment":"Cabinet Office","StreetName":"Sir George Downing","BuildingNumber":"10","PostCode":"SW1A 2AA","TownName":"City of Westminster London,","CountrySubDivision":"London","Country":"GB","AddressLine":"10 Downing St, Westminster, London SW1A 2AA, United Kingdom"}},"CreditorAccount":{"SchemeName":"UK.OBIE.IBAN","Identification":"GB29NWBK60161331926819","Name":"Creditor Account Name","SecondaryIdentification":"12-34-56"},"DebtorAgent":{"SchemeName":"UK.OBIE.BICFI","Identification":"GB29NWBK60161331926810","Name":"Debtor Agent Name","PostalAddress":{"AddressType":"Address with house number and street","Department":"Prime Minister's Office","SubDepartment":"Cabinet Office","StreetName":"Sir George Downing","BuildingNumber":"10","PostCode":"SW1A 2AA","TownName":"City of Westminster London,","CountrySubDivision":"London","Country":"GB","AddressLine":"10 Downing St, Westminster, London SW1A 2AA, United Kingdom"}},"DebtorAccount":{"SchemeName":"UK.OBIE.IBAN","Identification":"GB29NWBK60161331926810","Name":"Debtor Account Name","SecondaryIdentification":"22-33-55"},"CardInstrument":{"CardSchemeName":"Debit Card","AuthorizationType":"OAuth","Name":"Card Name","Identification":"12-34-56"},"SupplementaryData":{}}]},"Links":{"Self":"https://api.alphabank.com/open-banking/v3.1/aisp/accounts/22289/transactions/"},"Meta":{"TotalPages":1,"FirstAvailableDateTime":"2017-05-03T00:00:00+00:00","LastAvailableDateTime":"2017-12-03T00:00:00+00:00"}}
Request

GET /api/:provider_code/open-banking/v3.1/aisp/accounts/:account_id/transactions

Headers
Header Type Description
Content-Type string, optional The media type of the body of the request. Default value: application/json
x-fapi-interaction-id string, optional An RFC4122 UID used as a correlation Id.
Authorization string, required Standard HTTP Header; Allows Credentials to be provided to the Authorisation / Resource Server depending on the type of resource being requested. For OAuth 2.0 / OIDC, this comprises of either the Basic / Bearer Authentication Schemes. Can raise: HeaderMissing, HeaderInvalid, ResourceNotFound, Forbidden
Request parameters
provider_code (path)
string, required
Human readable Provider identifier. Can raise: FieldInvalid, ResourceNotFound, Unauthorized, ResourceInvalidConsentStatus, TooEarly
account_id (path)
string, required
A unique and immutable identifier used to identify the account resource. This identifier has no meaning to the account owner. Can raise: ResourceNotFound
fromBookingDateTime (query)
datetime, optional
Specifies start date and time for filtering of the Transaction records on the Transaction/BookingDateTime field.
toBookingDateTime (query)
datetime, optional
Specifies end date and time for filtering of the Transaction records on the Transaction/BookingDateTime field.
Response headers
Header Type Description
Content-Type string, required The media type of the body of the request.
x-fapi-interaction-id string, required An RFC4122 UID used as a correlation Id. If provided, the ASPSP must "play back" this value in the x-fapi-interaction-id response header.
Retry-After integer, optional Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Related Errors
Class Code Description
FieldInvalid 400 An invalid value is supplied in the field. More details in error_message.
ResourceNotFound 400 Specified resource doesn't exist.
ResourceInvalidConsentStatus 400 The action can't be performed with current status of consent.
HeaderMissing 400 A required HTTP header has not been provided.
HeaderInvalid 400 An invalid value is supplied in the HTTP header.
Unauthorized 401 Unauthorized access.
Forbidden 403 Action is forbidden. More details in error_message.
TooEarly 425 The service is not ready to process the request.

Balances

A TPP may retrieve the account balance information resource for a specific AccountId (which is retrieved in the call to GET /accounts).

CURL

curl -i  \ 
 -H "Authorization: Bearer Az90SAOJklae" \ 
 -H "x-fapi-interaction-id: some-uuid" \ 
 -H "Content-Type: application/json" \ 
 -d 'eyJhbGciOiJQUzI1NiIsImtpZCI6InRlc3QifQ.e30.TCx0sKLmDRoosHEw2fmWdzWOuuvKMYf-4ChPCMzwVHl9Tli0dEcDVJwSr6TIrWQ3j59y_IVerDMOckOBvzjbc9TAJyT4wB3liVPWr87kEMm3FL9MgQlDK2IF4lHlKj75hsKjNzXQzlUDpGgga-Rdv-RDs3WoX79ElBXHEO6U4spH6FRXFoD2Lbqx94ryjz8_pggc0mqH54BsJ3C7n90JN0EcJHo462SFqUirGtWpHVbBQ2QvDVxHsqKgUyr0yZaG_sCHSdzI2jFnzBk7OYia5nkMmiwDefeLIf_M-AZu8AWtMyBdZ5-Z-x-kixZbkzT_-cXWJgCcblbYcyIP_eH7ZA' \ 
-X GET "/api/:provider_code/open-banking/v3.1/aisp/accounts/:account_id/balances"

Example of response

{"Data":{"Balance":[{"AccountId":"22289","Amount":{"Amount":"1230.00","Currency":"GBP"},"CreditDebitIndicator":"Credit","Type":"InterimAvailable","DateTime":"2017-04-05T10:43:07+00:00","CreditLine":[{"Included":true,"Amount":{"Amount":"1000.00","Currency":"GBP"},"Type":"Temporary"}]},{"AccountId":"31820","Amount":{"Amount":"57.36","Currency":"GBP"},"CreditDebitIndicator":"Debit","Type":"InterimBooked","DateTime":"2017-05-02T14:22:09+00:00"}]},"Links":{"Self":"https://api.alphabank.com/open-banking/v3.1/aisp/balances/"},"Meta":{"TotalPages":1}}
Request

GET /api/:provider_code/open-banking/v3.1/aisp/accounts/:account_id/balances

Headers
Header Type Description
Content-Type string, optional The media type of the body of the request. Default value: application/json
x-fapi-interaction-id string, optional An RFC4122 UID used as a correlation Id.
Authorization string, required Standard HTTP Header; Allows Credentials to be provided to the Authorisation / Resource Server depending on the type of resource being requested. For OAuth 2.0 / OIDC, this comprises of either the Basic / Bearer Authentication Schemes. Can raise: HeaderMissing, HeaderInvalid, ResourceNotFound, Forbidden
Request parameters
provider_code (path)
string, required
Human readable Provider identifier. Can raise: FieldInvalid, ResourceNotFound, Unauthorized, ResourceInvalidConsentStatus, TooEarly
account_id (path)
string, required
A unique and immutable identifier used to identify the account resource. This identifier has no meaning to the account owner. Can raise: ResourceNotFound
Response headers
Header Type Description
Content-Type string, required The media type of the body of the request.
x-fapi-interaction-id string, required An RFC4122 UID used as a correlation Id. If provided, the ASPSP must "play back" this value in the x-fapi-interaction-id response header.
Retry-After integer, optional Amount of time in seconds after which Salt Edge PSD2 Compliance Solution resends the previously failed request.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Related Errors
Class Code Description
FieldInvalid 400 An invalid value is supplied in the field. More details in error_message.
ResourceNotFound 400 Specified resource doesn't exist.
ResourceInvalidConsentStatus 400 The action can't be performed with current status of consent.
HeaderMissing 400 A required HTTP header has not been provided.
HeaderInvalid 400 An invalid value is supplied in the HTTP header.
Unauthorized 401 Unauthorized access.
Forbidden 403 Action is forbidden. More details in error_message.
TooEarly 425 The service is not ready to process the request.