SaltEdge PSD2 Compliance Logo

All

Returns all accounts belonging to a PSU and all relevant information about them. This endpoint should be called after refreshing PSU data on Salt Edge side.

CURL

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InBlcl9wYWdlIjo1MCwiZnJvbV9pZCI6NjY1fSwiZXhwIjoxNjE0MzUwODE3fQ.efM5Qoe1r5KZlNGPuNndPD8gcXvBrYDR0U7UVTH6xH_ZMgVWp_65lmyIWH9jXnoYBPLG28TvEpo4fpYt42RDisZoEAkuC54KgJfmdfDP2qcL95lnmJoEtJV7QhdFLFxNOfk3jxW9GyGrD1aG7nXjQyG50Amr7DRDXhqWQPspmJmgFgIbFPpbnwQk2QEmMQBEYClm0cp6RVysX79J0dZnJ6gOZKJhqmZ3CJ1dDnS2GOZAOHSOhmN_tLxt3omTmorayyD9Lg2gLetjh0OllisoCw3EgI86ugpGvLnth_LI5QWJKjImSMdm7OAfOPLGKsZIlBNlT7uxr7EPs7n2uhvrAA" \ 
 -H "App-Id: hdxOnJzz7tUdwso5TeGIOQ" \ 
 -H "App-Secret: mQdTa13N7SoBsmnoHok0mQ" \ 
 -H "Access-Token: 0bd6a34ce608515b9ce2c2afae5d52fa047aaa07c10563b9e7ef4e786faf935f29d255858fac37d314bef7d24651ddebe60cb4342d98e0feaee5ca010c500c04" \ 
 -H "Client-Request-Id: 34" \ 
 -X GET "/api/v2/accounts/all"

Example of unpacked Authorization header

{"data":{"per_page":50,"from_id":665},"exp":1574093211}

Example of response

{"meta":{"time":"2019-11-18T16:04:51.182Z","next_id":865},"data":[{"id":"864","name":"Visa","nature":"credit_card","iban":"FK54RAND61068428516174","number":"450746508","sort_code":"16-26-63","swift_code":"qALtN","currency_code":"GBP","balance":37,"available_amount":30.5,"provider_account_id":"229","extra":{},"payment_account":true,"created_at":"2019-11-18T16:04:51.182Z","updated_at":"2019-11-18T16:04:51.182Z"}]}
Request

GET /api/v2/accounts/all

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Access-Token string, required Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other posibilities.


Related Errors
Class Code Description
AuthorizationMissing 400 Authorization header is missing.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.

Holder

Returns holder information that belongs to a PSU. This endpoint should be called after refreshing PSU data on Salt Edge side.

CURL

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNjE0MzUwODE3fQ.grBL8TsYYtJ6wQR3pK9h2FWyi2VbYoc9rwdT14uKMjOHpIChiW0i7HmuxIlwn18noPsw6fTywlVQkhmqx3pQEvcnNOOcXWTrCch7SxncSHtk6YPHzkVVjG77-1xEhTMQVTbrs0OTOGri2ckxCcV10UUf9SILtYg8aB2dmqJCeM5UtTnxwIvkKhtpFzU1p1PccvG_q5FbKu_1GVNteoON9gFg8Nj3F3VZuNJmOA7Vtf8Q4We8nKfqR5Q0lh7UTYZv52rFAkQrcbgvc0l4NKPH8zZxLfr6howWdI6ekJOY1SDq1wtgf-yV1TqaL7K6fxK2B47grXNnz5UAyZzKwJXAPw" \ 
 -H "App-Id: HyR-HnEk7_WMUJv8BD6LkA" \ 
 -H "App-Secret: yqQW_-qL3l1YnoJyzDvX-g" \ 
 -H "Access-Token: 20442d11db40783035aa521337d264760fe46e0b241389fdc2081dae37a9952f6b5f58a7341a990c46a38b6b38c03770a4ecbd4d495c4030e323ad1b292d428f" \ 
 -H "Client-Request-Id: 17" \ 
 -X GET "/api/v2/accounts/holder"

Example of unpacked Authorization header

{"data":{},"exp":1574093211}

Example of response

{"data":{"name":"John Smith","email":"example@example.com","phone":"727096456","address":"409 Broadway GUILDFORD","date_of_birth":"1989-01-18"}}
Request

GET /api/v2/accounts/holder

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Access-Token string, required Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
data
hash, required
Wrapper for the data.
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other posibilities.


Related Errors
Class Code Description
AuthorizationMissing 400 Authorization header is missing.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.

Payment

Returns accounts that are available for making payments and belong to a PSU. This endpoint should be called after refreshing PSU data on Salt Edge side.

CURL

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNjE0NTY4OTM4fQ.gKDbF6kBAHZUgG-emK3L6zU2ppEbhZkzVSxK09WwpGLPxvzrsE0_KD3grAgLO9Au-3VtBH0xcyhbIXUn7V8F-cvuoUBP4FuytxaaZuYspKBhLsRChREJ4FxxS87SnxOVQGBhTYKQgKn7i8lgsmr2uL27TUqMMe7mqhI5GNl47IAjov5o-cT_w2354M6fUp3c_vX4Are28XTF4xivstFBG5ES-wJfBFIbEPWFgi55usd0AHrNZNkZqFPIxXpj2s1a3bcE2DhpEdOEIFtNX1jwityXCXk-Rkg8Sxhnt35-gzQOgXEy5sIhvugV4LxjvH_4hoX4vPmuxm8RiCIhSYQ8fw" \ 
 -H "App-Id: 9zP5wU8ItSUlkvWHViCt1w" \ 
 -H "App-Secret: SJDCclW3NkeeAhJX7CX4dA" \ 
 -H "Access-Token: 728037d96181287cd2394f43943d07897fc1a52a0b657489ee2fc34c54c7e8dc95959621394c1a6ce49db0c6e19a9a62909152bd4e39a9a7ca57bb572ee7ef41" \ 
 -H "Client-Request-Id: 17" \ 
 -X GET "/api/v2/accounts/payment"

Example of unpacked Authorization header

{"data":{},"exp":1574093211}

Example of response

{"data":[{"id":"735","name":"Test payment","nature":"account","iban":"FK93RAND00954339238694","number":"836076798","sort_code":"84-42-94","swift_code":"CN9zd","currency_code":"EUR","provider_account_id":"43","created_at":"2019-11-18T16:04:50.985Z","updated_at":"2019-11-18T16:04:50.986Z"}]}
Request

GET /api/v2/accounts/payment

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Access-Token string, required Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
data
hash, required
Wrapper for the data.
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other posibilities.


Related Errors
Class Code Description
AuthorizationMissing 400 Authorization header is missing.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.

Refresh

Initiates the process of refreshing PSU data (accounts, transactions, holder info) on Salt Edge PSD2 Compliance side from the ASPSP which issued the access token.

CURL

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImZyb21fZGF0ZSI6IjIwMTktMDgtMTgiLCJ0b19kYXRlIjoiMjAxOS0xMS0xOCIsImluaXRpYXRlZF9ieV9jdXN0b21lciI6ZmFsc2UsInJlZGlyZWN0X3VybCI6Imh0dHBzOi8vdXNlci53aWxsLmJlL3JlZGlyZWN0ZWQvaGVyZSJ9LCJleHAiOjE2MTQzNTA4MTd9.eJc5OLcHltmZ81Qx6YYOlkwJMFBBHRze4bxOgiUcJXUilfQhsW-jPo_aFZwfeYpbF402gJvvF7uYNM-08bGDpTcYhWZLbh6MuKiY3p33Us8ccftEcDA_gKVA-mi7wWpdeyQpaKPQ9lhk5ZeGpkshkyIqYwIRvbVljFjWeEbOrTKpHsEyD-oSJoBIBHepvLDPQcrhtGSuDWJI2H39BYly1wzOan5x6clV_pzWsbEGaVdQCZQ9bzTGsans3PAIzLy7CB0K35-CrUZEfCKFruPlM189vSy2b3akWunVuKaGofAUB7VitatMmP2NOgBnCd7UiOEOQHzJGoM6bnR6qUtbDA" \ 
 -H "App-Id: UJbEee74CaUNMzrvzfAtUQ" \ 
 -H "App-Secret: B_oeBL7GIK9jPxzQSrmlLQ" \ 
 -H "Access-Token: b2e3f5f24b69dad11a89e9fdada9dd695a1e8f965a3f33248ea41ae6ca46c0d3a2ea38233fe9b6cedeaa9067ee89bb87981d0988bd688e8b8056640c86350b6f" \ 
 -H "Client-Request-Id: 17" \ 
 -X PUT "/api/v2/accounts"

Example of unpacked Authorization header

{"data":{"from_date":"2019-08-18","to_date":"2019-11-18","initiated_by_customer":false,"redirect_url":"https://user.will.be/redirected/here"},"exp":1574093211}

Example of response

{"data":{"session_secret":"fssZuhgv1LNyG_TaHmgv"}}
Request

PUT /api/v2/accounts

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Access-Token string, required Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other posibilities.


Related Errors
Class Code Description
AuthorizationMissing 400 Authorization header is missing.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.
ActionNotAllowed 406 You're not allowed to perform this action. This might be a configuration problem or parameters incompatibility.

Transactions

Returns transactions for a specific account. This endpoint should be called after refreshing PSU data on Salt Edge side.

CURL

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InBlcl9wYWdlIjo1MCwiZnJvbV9pZCI6MTY1fSwiZXhwIjoxNjE0MzUwODE4fQ.EPt1HHcMoJKhVU8VEN3nI6SbNqVgO2sQRPZItkU2UxMlwCf8sBfVP9RWiXnZr9bbzv4EuQSvm69OSe3bIx-jJRuc_3ku9vH88wEKkA09P8wob_MXu_4yY-sFGnecaB0fgCHC_nX1FZYEofrS6u-BBpp907HP1yvbpjkLLaYbPO0xqwgWmpkAwnAIq2402jt9ielNr1SK_h7Gkm3_AjAA12uXKxms99RKhnaWI9AKZ7ShBqzh6T4zEDyXKhHrvvJbnbyQTmpNlunBGiDv8ADXVjrCgNjMlT0wM5A8kz1yFI4YGOgBK29Z8Um7_NVVxcVmOVFq6Z8r7aAWwgrFjEDzQw" \ 
 -H "App-Id: 1aeKgOrMn24XdsU8K5vgNw" \ 
 -H "App-Secret: YTYP2gAUWcXW3l9wvtMT6w" \ 
 -H "Access-Token: cf3f53fd0422519c4259cbbad9cdd556a5e6e03618a474431823e394b6f1204c98a46609f0606e8920a153665175739cc0174f721b263aeb0838f1a1afef8d3e" \ 
 -H "Client-Request-Id: 17" \ 
 -X GET "/api/v2/accounts/:account_id/transactions"

Example of unpacked Authorization header

{"data":{"per_page":50,"from_id":165},"exp":1574093211}

Example of response

{"meta":{"time":"2019-11-18T16:04:51.253Z","next_id":1055},"data":[{"id":1054,"account_id":711,"currency_code":"EUR","amount":16.54,"fees":[{}],"description":"Internal transfer.","extra":{},"provider_transaction_id":"614","made_on":"2019-11-18T16:04:51.252Z","status":"posted","category":"transfer","created_at":"2019-11-18T16:04:51.253Z","updated_at":"2019-11-18T16:04:51.253Z"}]}
Request

GET /api/v2/accounts/:account_id/transactions

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Access-Token string, required Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
account_id (path)
integer, required
Account identifier on Salt Edge PSD2 Compliance Solution. Can raise: AccountNotFound
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other posibilities.


Related Errors
Class Code Description
AuthorizationMissing 400 Authorization header is missing.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.
AccountNotFound 404 Account specified in request does not exist or cannot be retrieved.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.