
Show

Returns the current state of a token.

CURL

curl -i \
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNjE0NDkzMzMzfQ.aWGPb4-nAmoyxi9sUPsRaEIY-Orxb77H8SlEJvhw6HR3O4ISuD_I0E-Jsd8rBmvF1ySQFJIwWMgemPkCscDwtYaMImyN03lWGyXzq7QhDfO4FTiE71wlE9myzxr2Dn-Ziw0nu0P0vSzqyJdDXKoqjM15931L9nqW7YFuuOfATix06R29wYGDUxINW184lVUH3rhuatCHc0DnjRoSEgvLjAgYBTOJjrmsUtQt4-6_nIgUENJkQyRBbDb2vFXxeukqmoPTic_hWGY47iIurpWjOMQuU-gM6L8izTVl_VvnuKw1szqFLxeshcIY-ghO7D7oGPPXUoFVgGEticX0KWAibw" \
 -H "App-Id: 6mWl9hbxoN3rg_nX4804tw" \
 -H "App-Secret: 6FdCub2C2AMQbyaI6KSv4Q" \
 -H "Access-Token: 7eb89bd116268f02b5ab5ab6f46a89a65a8476d8c287a84fdceae03724d5511ae445b0342c73fc02681b3fcbbfeb12cf78e9292956b67ea76d20dfff0a1ba7a2" \
 -H "Client-Request-Id: 54" \
 -X GET "/api/v2/tokens"

Example of unpacked Authorization header

{"data":{},"exp":1574093211}

Example of response

{"data":{"scopes":["accounts","transactions","kyc","payments","funds_availability","trusted_beneficiaries"],"access_token_expires_at":"2019-11-18T16:04:51.638Z"}}
Request

GET /api/v2/tokens

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RS256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Access-Token string, required Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
data
hash, required
Wrapper for the data.
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Related Errors
Class Code Description
AuthorizationMissing 400 Authorization header is missing.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.
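
The following is an added example, not part of the Salt Edge documentation: it packs the {"data": ..., "exp": ...} payload into an RS256-signed "Authorization: Bearer" value and unpacks it on the receiving side, pinning the algorithm and enforcing exp greater than the current time. Assumptions: the demo key is constructed from two Mersenne primes so the code runs offline with the standard library only, and all function names and every error label except AuthorizationMissing are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption, not from the page): two Mersenne primes.
# It is trivially factorable and exists only so the example runs offline;
# a real TPP signs with application.private_key through a vetted JWT library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


class AuthorizationError(Exception):
    """Hypothetical error type; only 'AuthorizationMissing' is a page name."""


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def json_segment(obj) -> str:
    """Compact JSON, base64url-encoded: one JWT segment."""
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def emsa_pkcs1_v15(message: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), K bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def pack_authorization(data: dict, ttl: int = 60, now=None) -> str:
    """Client side: wrap data and a short-lived exp in an RS256 JWT."""
    now = int(time.time()) if now is None else now
    signing_input = (json_segment({"alg": "RS256"}) + "."
                     + json_segment({"data": data, "exp": now + ttl}))
    em = int.from_bytes(emsa_pkcs1_v15(signing_input.encode()), "big")
    signature = pow(em, D, N).to_bytes(K, "big")
    return f"Bearer {signing_input}.{b64url(signature)}"


def unpack_authorization(value: str, now=None) -> dict:
    """Receiving side: verify the signature first, then the claims."""
    now = int(time.time()) if now is None else now
    if not value or not value.startswith("Bearer "):
        raise AuthorizationError("AuthorizationMissing")
    parts = value[len("Bearer "):].split(".")
    if len(parts) != 3:
        raise AuthorizationError("malformed token")
    try:
        header = json.loads(b64url_decode(parts[0]))
        signature = b64url_decode(parts[2])
    except ValueError:
        raise AuthorizationError("malformed token")
    # Pin the algorithm; the token must not be able to select "none" or HMAC.
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise AuthorizationError("unexpected alg")
    expected = emsa_pkcs1_v15(f"{parts[0]}.{parts[1]}".encode())
    sig_int = int.from_bytes(signature, "big")
    if len(signature) != K or sig_int >= N:
        raise AuthorizationError("bad signature")
    # Recompute the expected encoding and compare in constant time.
    if not hmac.compare_digest(pow(sig_int, E, N).to_bytes(K, "big"), expected):
        raise AuthorizationError("bad signature")
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:
        raise AuthorizationError("malformed token")
    if not isinstance(claims, dict) or not isinstance(claims.get("data"), dict):
        raise AuthorizationError("data must be a hash")
    exp = claims.get("exp")
    # exp is required and must be strictly greater than the current time.
    if type(exp) is not int or exp <= now:
        raise AuthorizationError("expired")
    return claims


def verdict(value: str, now=None) -> str:
    """Return 'ok' or the name of the failed check."""
    try:
        unpack_authorization(value, now)
        return "ok"
    except AuthorizationError as err:
        return str(err)
```

A short ttl on the client side keeps the window in which a captured Authorization value can be replayed small, since the signature covers exp.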

Remote

Initiate the process of authentication on behalf of the PSU. During this process, the TPP will receive callbacks with instructions and the current status of the session. Prior to this, the TPP is required to ask the PSU for consent. The TPP can also set a custom expiration period for the consent in the `consent_period_days` field, which cannot be greater than 90 days.

CURL

curl -i \
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNvbnNlbnRfcGVyaW9kX2RheXMiOjkwLCJjcmVkZW50aWFscyI6eyJhdXRob3JpemF0aW9uX3R5cGUiOiJQU0RfQUlTUCJ9LCJwcm92aWRlcl9jb2RlIjoiZGVtb2JhbmsiLCJzY29wZXMiOlsiYWNjb3VudHMiLCJ0cmFuc2FjdGlvbnMiLCJreWMiLCJwYXltZW50cyIsImZ1bmRzX2F2YWlsYWJpbGl0eSIsInRydXN0ZWRfYmVuZWZpY2lhcmllcyJdfSwiZXhwIjoxNjE0NDkzMzMzfQ.dPEjOK-BR6HWpqUnSHbItaEM4sf4EPtawHSIsMQbsHWiuikO4_yPyCIuINyH7Bd3MfI2ksEIi0QDxeB5pfFd55bXEIPRQRrUb-XooJ1jzWFfnDA7ooU-WBoAFiXznvGSw-i-f4_JHKjpIkIqMswNeYGpQ2cCNRT_xZOaRER9M4Y4_-hFOfrbjhYtllm9SJFNfLw-iPQUbAxIIQO2S9_jNBg9ItD30E6FmXnPQS6YVdiqQnwNrY7vhJhTps_UvBL2LeSYCz4xsgXp-6i4TZ0dd8qD7S97LALMt5rorpBJXAzdIw72TY2B9EGusZM5WE2WzxIFNVRhvdPdfmKR6-5FDw" \
 -H "App-Id: 8PmTDEfMengvyK1SNFkQ4A" \
 -H "App-Secret: n4eSP_GK0CLYoeoT8mOQLg" \
 -H "Client-Request-Id: 17" \
 -X POST "/api/v2/tokens/remote"

Example of unpacked Authorization header

Example of response

{"data":{"session_secret":"i8wJ74uDGEMjmzjULLWB"}}
Request

POST /api/v2/tokens/remote

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RS256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Related Errors
Class Code Description
ScopesInvalid 400 Specified scopes don't match with the ones specified in Provider or OAuthApp. More info in error_message
AuthorizationMissing 400 Authorization header is missing.
AccessDenied 401 Action you want to perform is not allowed. More in error_message
ProviderNotFound 404 Provider specified in request does not exist or cannot be retrieved.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.

Reconnect (Deprecated)

This endpoint allows the TPP to refresh the current Access-Token. The ASPSP can respond in one of the following ways: return a new token, ask for MFA, or ask for reconnection. In any of these cases the TPP will receive a session callback, and the subsequent behavior will be stored in the session object.

CURL

curl -i \
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNvbnNlbnRfYXBwcm92ZWQiOnRydWV9LCJleHAiOjE2MTQ1NzE2NjF9.MhepE4V_wxfi4GG4QaqtcmrQ021eb0U0gv-JVp_4Xb99JPSikDhuNXbfRJlYf4v2tuCCLIhaQA8tgWYaZ3yhCUpaU2n1YeVN7yEcMHyMgZ6QnJ5OJgQnyctFwhzR0xnUltX9TevzCd_AHJvcKilepEVIorBPJ_K-qlOy2_tmD3xs7f-8fjqAn4-yS6ShZrRrqAN_rohVVf1w6u2OD67uPw9zHwd1kOzTZFeLg_mupcThrdGVYL2d3_4xjenZDHHSLfybbLKcC7bSNXnYrW6fOfoUZ43o0jEu7jr7YueiENv8JZyQVlxxC4NDEcZPKhDeG3Wnh4QB5pyIGvtXXtbwZw" \
 -H "App-Id: tUZHZ05b5klLnOH5ZgRp_Q" \
 -H "App-Secret: hfie0Uy_ZnvVIzh3OeA4XA" \
 -H "Access-Token: 81a3dac147e5bf8d31f5ef3d16d7423b80c00e66b60eb232a9c98b75af17386e15ed71e5edcf82992a0b3b0c1db58ebf222738dbbc6cf3cc5ec988d798d80fe3" \
 -H "Client-Request-Id: 17" \
 -X POST "/api/v2/tokens/reconnect"

Example of unpacked Authorization header

{"data":{"consent_approved":true}}

Example of response

{"data":{"session_secret":"4VxpgSvnYrLd_LL5tarN"}}
Request

POST /api/v2/tokens/reconnect

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RS256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Access-Token string, required Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Related Errors
Class Code Description
AuthorizationMissing 400 Authorization header is missing.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.

Revoke

Revoke an already existing and active access token.

CURL

curl -i \
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNjE0NDkzMzMzfQ.aWGPb4-nAmoyxi9sUPsRaEIY-Orxb77H8SlEJvhw6HR3O4ISuD_I0E-Jsd8rBmvF1ySQFJIwWMgemPkCscDwtYaMImyN03lWGyXzq7QhDfO4FTiE71wlE9myzxr2Dn-Ziw0nu0P0vSzqyJdDXKoqjM15931L9nqW7YFuuOfATix06R29wYGDUxINW184lVUH3rhuatCHc0DnjRoSEgvLjAgYBTOJjrmsUtQt4-6_nIgUENJkQyRBbDb2vFXxeukqmoPTic_hWGY47iIurpWjOMQuU-gM6L8izTVl_VvnuKw1szqFLxeshcIY-ghO7D7oGPPXUoFVgGEticX0KWAibw" \
 -H "App-Id: iiniPo3zkfpOgmHrmk0Osg" \
 -H "App-Secret: gNebmvKyKAVTxY_fSVe-kQ" \
 -H "Access-Token: 874bcafd85e1332e8657cfb68016ed33f52b055adeead1d97fdfd96fc4cb847b957ee63f407d459b80eef76951e967501ca6c0282e4a4e7f838906856720a0bf" \
 -H "Client-Request-Id: 17" \
 -X DELETE "/api/v2/tokens"

Example of unpacked Authorization header

{"data":{},"exp":1574093211}

Example of response

{"data":{"revoked":true,"access_token":"yVJ-2246zz-1yRutZstm"}}
Request

DELETE /api/v2/tokens

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RS256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Access-Token string, required Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
data
hash, required
Wrapper for the data.
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Related Errors
Class Code Description
AuthorizationMissing 400 Authorization header is missing.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.

Show

Due to the asynchronous nature of requests, most responses return a session_secret. This endpoint can be used to verify the current state of newly created sessions.

CURL

curl -i \
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNjE0NDkzMzMzfQ.aWGPb4-nAmoyxi9sUPsRaEIY-Orxb77H8SlEJvhw6HR3O4ISuD_I0E-Jsd8rBmvF1ySQFJIwWMgemPkCscDwtYaMImyN03lWGyXzq7QhDfO4FTiE71wlE9myzxr2Dn-Ziw0nu0P0vSzqyJdDXKoqjM15931L9nqW7YFuuOfATix06R29wYGDUxINW184lVUH3rhuatCHc0DnjRoSEgvLjAgYBTOJjrmsUtQt4-6_nIgUENJkQyRBbDb2vFXxeukqmoPTic_hWGY47iIurpWjOMQuU-gM6L8izTVl_VvnuKw1szqFLxeshcIY-ghO7D7oGPPXUoFVgGEticX0KWAibw" \
 -H "App-Id: lYbM35hScWwT52d6Zxz-Lg" \
 -H "App-Secret: ssZn53PTzxSv6kI1nJzlUQ" \
 -H "Client-Request-Id: 4565" \
 -X GET "/api/v2/sessions/:secret"

Example of unpacked Authorization header

{"data":{},"exp":1574093210}

Example of response

{"data":{"secret":"BVuveSLQCrA5jBYUyxXe","status":"fetched_kyc","extra":{"scopes":["accounts","transactions","kyc","payments","funds_availability","trusted_beneficiaries"]},"token":{"access_token":"5kHijxm_DEWoP5ncHWcF","expires_at":"2019-11-18T16:04:50.915Z"},"provider_code":"demobank","id":302,"fail_at":"2019-11-18T16:04:50.915Z","success_at":"2019-11-18T16:04:50.915Z","created_at":"2019-11-18T16:04:50.915Z","updated_at":"2019-11-18T16:04:50.915Z","events":[{}],"authorization_details":{"instruction":"Use PIN code from just received SMS. ","mfa_fields":[{"code":"sms_pincode","display_name":"SMS-PIN","optional":true,"type":"embedded","nature":"text"}]},"customer_id":983}}
Request

GET /api/v2/sessions/:secret

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RS256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
data
hash, required
Wrapper for the data.
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
secret (path)
string, required
Another session identifier that can be used for session lookup and confirmation. Can raise: SessionNotFound
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Related Errors
Class Code Description
AuthorizationMissing 400 Authorization header is missing.
SessionNotFound 404 Session specified in request does not exist or cannot be retrieved.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.

Confirm

This endpoint is used for processing additional interactive steps in the process of access token creation or account's refresh.

CURL

curl -i \
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNyZWRlbnRpYWxzIjp7InNtc19waW5jb2RlIjoiNDU2OCJ9fSwiZXhwIjoxNjE0NTcxNjYxfQ.DH2YsDyQ2_UoMXhauS6Og9nfMUze4LCJPpGYoibGApX_7d4sD2S-8vf5310y3Rgw8MAu8ssryxZ2nvWnBxnQDNsql7ADYrsgNbV5cSdee_80xMbrglUUSWn2tgGlmywyOFZa94zXe2_Lvh4BNY2F1ki6FmnEnVTUZ7YH-Hkx9OV04EGfq6lsL1NpuZPwEigM3R4sMTXDNnIbPAnXWtmLb24dhyaA4L0ZBoxJuOKIIpoQFLvQ-s8ACnvQbfVplrg4Zinc_7MMf04UpXTYEwWEDe0D5O1jR2JI9iUR-IshdBzMzR6QmRq57PKNfqjys6gfp4uJUe_n4ZtD0y90r5OFyg" \
 -H "App-Id: RC37EiVDTH72Dy66RiWfRA" \
 -H "App-Secret: X-iIITSQB7qTeTYH_99H5A" \
 -H "Client-Request-Id: 17" \
 -X PUT "/api/v2/sessions/:secret"

Example of unpacked Authorization header

{"data":{"credentials":{"sms_pincode":"4568"}},"exp":1574093210}

Example of response

{"data":{"secret":"xkeTNwR3GHH3cHcq3UCt","status":"waiting_confirmation_code","extra":{"scopes":["accounts","transactions","kyc","payments","funds_availability","trusted_beneficiaries"]},"token":{"access_token":"BVGU4xsgFdZRDx2BDoG1","expires_at":"2019-11-18T16:04:50.787Z"},"provider_code":"demobank","id":625,"events":[{}],"authorization_details":{},"customer_id":469,"fail_at":"2019-11-18T16:04:50.787Z","success_at":"2019-11-18T16:04:50.787Z","created_at":"2019-11-18T16:04:50.787Z","updated_at":"2019-11-18T16:04:50.787Z"}}
Request

PUT /api/v2/sessions/:secret

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RS256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
secret (path)
string, required
Another session identifier that can be used for session lookup and confirmation. Can raise: SessionNotFound, SessionClosed, SessionExpired, ActionNotAllowed
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Related Errors
Class Code Description
SessionClosed 400 Session specified in request has been already closed and cannot be modified.
AuthorizationMissing 400 Authorization header is missing.
SessionExpired 401 Found session has been expired and cannot be processed anymore.
SessionNotFound 404 Session specified in request does not exist or cannot be retrieved.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.
ActionNotAllowed 406 You're not allowed to perform this action. This might be a configuration problem or parameters incompatibility.

Destroy

Cancel session.

CURL

curl -i \
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNjE0NDkzMzMzfQ.aWGPb4-nAmoyxi9sUPsRaEIY-Orxb77H8SlEJvhw6HR3O4ISuD_I0E-Jsd8rBmvF1ySQFJIwWMgemPkCscDwtYaMImyN03lWGyXzq7QhDfO4FTiE71wlE9myzxr2Dn-Ziw0nu0P0vSzqyJdDXKoqjM15931L9nqW7YFuuOfATix06R29wYGDUxINW184lVUH3rhuatCHc0DnjRoSEgvLjAgYBTOJjrmsUtQt4-6_nIgUENJkQyRBbDb2vFXxeukqmoPTic_hWGY47iIurpWjOMQuU-gM6L8izTVl_VvnuKw1szqFLxeshcIY-ghO7D7oGPPXUoFVgGEticX0KWAibw" \
 -H "App-Id: TnzE5rqosgx9vrox4mU5EA" \
 -H "App-Secret: ngYWj5vwwkf-fT1MkB6DBQ" \
 -H "Client-Request-Id: 17" \
 -X DELETE "/api/v2/sessions/:secret"

Example of unpacked Authorization header

{"data":{},"exp":1574093210}

Example of response

{"data":{"session_secret":"_PkwuzoztNR3vz2-MzrJ"}}
Request

DELETE /api/v2/sessions/:secret

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RS256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
data
hash, required
Wrapper for the data.
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
secret (path)
string, required
Session secret. Can raise: SessionNotFound, SessionClosed, SessionExpired, ActionNotAllowed
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Related Errors
Class Code Description
SessionClosed 400 Session specified in request has been already closed and cannot be modified.
AuthorizationMissing 400 Authorization header is missing.
SessionExpired 401 Found session has been expired and cannot be processed anymore.
SessionNotFound 404 Session specified in request does not exist or cannot be retrieved.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.
ActionNotAllowed 406 You're not allowed to perform this action. This might be a configuration problem or parameters incompatibility.

Create

Create a trusted beneficiary on behalf of PSU.

CURL

curl -i \
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImFsaWFzX25hbWUiOiJNeSBiZW5lZmljaWFyeSIsInJlZGlyZWN0X3VybCI6Imh0dHBzOi8vdXNlci53aWxsLmJlL3JlZGlyZWN0ZWQvaGVyZSIsInRlbXBsYXRlX2lkIjo2ODMsInBheW1lbnRfaWQiOjQzMjQsImV4dHJhIjp7fSwiaWRlbnRpZmllcnMiOnsiYW1vdW50IjoiMjI3LjEzIiwidG9fYWNjb3VudCI6IjEzMTM2MTMiLCJkZXNjcmlwdGlvbiI6IlRlc3QgcGF5bWVudC4iLCJmcm9tX2FjY291bnQiOiIxMzEzNjM0In19LCJleHAiOjE2MTQ1NzE2NjF9.jZvac3Eggwc6NQF8m4NeU2ggmXwaQ6wVBer41GPT3s6VSOf9nw9ydgGiOfbGC7VcqfSStrszY7iy_bXnNvodUnrjBf8g0qjQxy4ZxuhRC3viP4GBwHl_ARZis8P63iuwbs9HbyK6HbgJEf0ThaLGOii-SvoPdht7eNmO8APpDtHiNZYKgmkR0J1ahuzMkSTlhk-pK_T-080k3IvOP0kkmO368erjpDWlkqH5bysaMjwfeYijBjiATl5dmgvDgJfjpUFr4DtpK15t7TRk2HxYlFuaLVptPU7AhhHcMy-P3zpzNKH0xxc7cr7K49-j0RknDrubxGl2rZr3PrYRNa71pQ" \
 -H "App-Id: e9IAjakAOBKtWsjZZlcTtg" \
 -H "App-Secret: MD4qCPou6U5yKEF-EVZycw" \
 -H "Access-Token: 3a0ef521152c974680cc9901be8d7dc365b67e5d48991e5b026734e4ead15b79e09757460dd94c5096c54f7a76d9c78fc90cae22297ba5e51c39b388ab3709f7" \
 -H "Client-Request-Id: 17" \
 -X POST "/api/v2/trusted_beneficiaries"

Example of unpacked Authorization header

{"data":{"alias_name":"My beneficiary","redirect_url":"https://user.will.be/redirected/here","template_id":683,"payment_id":4324,"extra":{},"identifiers":{"amount":"227.13","to_account":"1313613","description":"Test payment.","from_account":"1313634"}},"exp":1574093211}

Example of response

{"data":{"beneficiary_id":995,"session_secret":"sn_Fnxn3dExQmJxTCARL","status":"processing"}}
Request

POST /api/v2/trusted_beneficiaries

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RS256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Access-Token string, required Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
Response

Create a trusted beneficiary on behalf of PSU.


Related Errors
Class Code Description
AuthorizationMissing 400 Authorization header is missing.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.
TemplateNotFound 404 Template specified in request does not exist or cannot be retrieved.
PaymentNotFound 404 Payment specified in request does not exist or cannot be retrieved.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.
ActionNotAllowed 406 You're not allowed to perform this action. This might be a configuration problem or parameters incompatibility.

Show

Endpoint used to fetch all data relevant to a trusted beneficiary, including alias_name, identifiers, status and others.

CURL

curl -i \
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNjE0NTcxNjYxfQ.kNmIGM_Gpnj-GFu8z35FaAP5TlEBGOb8NacsO2jKR4M2E9k6qBhE5cXK1YIU3OCsQMuzXpW9hKiyEN-U71VC-h97vcRsJhUEENyifS22TK-V3CTZ6QTPGiwBWDaqFmUPCX15OJMedlA47lZzr9M6yMZHzZyhx522KmxbxSr1B3LtCKujIbTjBnPKQHF0JsQAtcuUtWKrFA-l2vSaBCa1OyxRbP9ljuslHOk4TanizMyUTUyYCE2XLQ4nVr5h9sntY59wA148yGg1EoNysfPv73L2UltKpYQMSLj7GtNkPAnKOqWN7H_5fGruO4aP7zqENx0fJaDK1G-peil68xuBBw" \
 -H "App-Id: uNwDiUgp12XhONz1E_rV6g" \
 -H "App-Secret: QsSGnN7sJHqUCyRnP6IHsQ" \
 -H "Access-Token: bf0d0bb0c89896811579dbe456507cb7cf2f5bb9b0b06291670339a22e55eb484f81de6b286235c71c0f27adb1229a717c4b7f089dadaa51cc24145128ad65ab" \
 -H "Client-Request-Id: 13" \
 -X GET "/api/v2/trusted_beneficiaries/:id"

Example of unpacked Authorization header

{"data":{},"exp":1574173799,"id":414}

Example of response

{"data":{"alias_name":"John Smith GB","status":"approved","template_id":"516","identifiers":{"iban":"FK35****81**45****5635","currency_code":"GBP"},"session_secret":"P5rrqb4hWZ_ghjTj4cBj","provider_code":"demobank","id":719}}
Request

GET /api/v2/trusted_beneficiaries/:id

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RS256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Access-Token string, required Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
data
hash, required
Wrapper for the data.
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
id
integer, required
Trusted Beneficiary identifier on Salt Edge PSD2 Compliance side. Can raise: TrustedBeneficiaryNotFound
Response

Endpoint used to fetch all data relevant to a trusted beneficiary, including alias_name, identifiers, status and others.


Related Errors
Class Code Description
AuthorizationMissing 400 Authorization header is missing.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.
TrustedBeneficiaryNotFound 404 Trusted Beneficiary specified in request does not exist or cannot be retrieved.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.

Confirm

This endpoint is used for processing additional interactive steps in the process of trusted beneficiary creation.

CURL

curl -i \
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNyZWRlbnRpYWxzIjp7InNtc19waW5jb2RlIjoiMTIzNDU2In19LCJleHAiOjE2MTQ1NzE2NjF9.rQYd1tOT31N5XFdyx3luW8hTSjTPtWeaml4RQiUD4Xv5eHZ5D-kdAeIdHsrKvWuzEnt8IGRJHT4vGePtUmwdWOzpkpBsMdMK35LUgPPe9h_6VOGsxNP9pGh1wKQoAShhSgUCiqv_WOs6xKS-pJDUDKzBoZ3uECyQNIg3UlYcVGvVMN8nYiK_I4gp_bDzHI7WEOl6HV8A63pe3R_IzsS1iaqsIdBNtT-NCL1o31N8rjRU8XJoE7GIFpG-z2pByaGnlWMLwvbX72673RdcBVb4iN6aIgCgKSF2jaRQW2_xyj3JluoRoWm5AEzLdqPrU80l8ziVNNi-10RjWNhrFY9Iwg" \
 -H "App-Id: uNwDiUgp12XhONz1E_rV6g" \
 -H "App-Secret: QsSGnN7sJHqUCyRnP6IHsQ" \
 -H "Access-Token: bf0d0bb0c89896811579dbe456507cb7cf2f5bb9b0b06291670339a22e55eb484f81de6b286235c71c0f27adb1229a717c4b7f089dadaa51cc24145128ad65ab" \
 -H "Client-Request-Id: 13" \
 -X PUT "/api/v2/trusted_beneficiaries/:id"

Example of unpacked Authorization header

{"data":{"credentials":{"sms_pincode":"123456"}},"exp":1574173799,"id":412}

Example of response

{"data":{"beneficiary_id":815,"session_secret":"Jx7YoAFH-t1UR4yyWHMs","status":"processing"}}
Request

PUT /api/v2/trusted_beneficiaries/:id

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RS256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Access-Token string, required Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
id
integer, required
Trusted Beneficiary identifier on Salt Edge PSD2 Compliance side. Can raise: TrustedBeneficiaryNotFound, SessionNotFound, SessionExpired, SessionClosed
Response

This endpoint is used for processing additional interactive steps in the process of trusted beneficiary creation.


Related Errors
Class Code Description
SessionClosed 400 Session specified in request has been already closed and cannot be modified.
AuthorizationMissing 400 Authorization header is missing.
TokenMissing 400 This request cannot be performed without Access_Token header.
SessionExpired 401 Found session has been expired and cannot be processed anymore.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.
TrustedBeneficiaryNotFound 404 Trusted Beneficiary specified in request does not exist or cannot be retrieved.
SessionNotFound 404 Session specified in request does not exist or cannot be retrieved.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.

Index

Endpoint used to fetch all data relevant to trusted beneficiaries.

CURL

curl -i \
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InByb3ZpZGVyX2NvZGUiOiJkZW1vYmFuayJ9LCJleHAiOjE2MTQ1NzE2NjF9.IertgDcAUHVDHSxSupT5lNUUGOdudg4wUj9FyHz5XIno-8JrdfiQnR1ymJP_MCGSWZ5gEwuED_SQqNs8W0b60V87U-P74r2jrGryKXmu-zh0r2RdQlXfejjYJIpuB8-jC49ChaiH0U3eOPRbq5z6-H7V2vV6wLanEasqekSsg5sXcvI5TdaMfQ--Lae6Ea__YuRt12Egi_cLAxv3grL6X1dsQhCrN0AEiDYh2-7MJnYgorGDobVXJX3IE_SuaIBKzsPwYlSupGN-QZi7xHmzIaqWbRrWxgNukdlwf1lZ0H63mSe95Lq7EdFD33SBDx_fiU7txROmLP4Q4S88SLaoeg" \
 -H "App-Id: IsiyTiKCOZDsV6mbafDzgg" \
 -H "App-Secret: fzST4gs0xQHOJA9bToRqeQ" \
 -H "Access-Token: 2bae74fd42f750e7401e0aa3cc9d5644ac815f5b9d2c16627af18cc76b2f507bc2dac1a10ab77c1b90b7e16423e2a0396d786959f09db9dc02128d820609d8df" \
 -H "Client-Request-Id: 17" \
 -X GET "/api/v2/trusted_beneficiaries"

Example of unpacked Authorization header

{"data":{"provider_code":"demobank"},"exp":1574093211}

Example of response

{"data":[{"id":752,"alias_name":"Example Name","status":"approved","template_id":"75","identifiers":{"amount":"227.13","to_account":"1313613","description":"Test payment.","from_account":"1313634"},"provider_code":"demobank"}]}
Request

GET /api/v2/trusted_beneficiaries

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RS256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Access-Token string, required Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
Response

Endpoint used to fetch all data relevant to trusted beneficiaries.


Related Errors
Class Code Description
AuthorizationMissing 400 Authorization header is missing.
TokenMissing 400 This request cannot be performed without Access_Token header.
AccessDenied 401 Action you want to perform is not allowed. More in error_message
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.
ProviderNotFound 404 Provider specified in request does not exist or cannot be retrieved.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.

Index

Returns all ASPSPs which have approved access for your TPP. More information can be found in the #requesting-provider-access section.

CURL

curl -i \
 -H "App-Id: 5L1UlLqFeEjlFlJ4dzJFDw" \
 -H "App-Secret: ym7AeWUYxHp0KG4MghAo-g" \
 -H "Client-Request-Id: 17" \
 -X GET "/api/v2/providers"

Example of unpacked Authorization header

{"per_page":50,"from_id":1}

Example of response

{"data":[{"id":846,"name":"Example Name","code":"demobank","connector_url":"https://user.will.be/redirected/here","status":"live","scopes":["accounts","transactions","kyc","payments","funds_availability","trusted_beneficiaries"],"created_at":"2019-11-18T16:04:50.725Z","updated_at":"2019-11-18T16:04:50.725Z","authorization_types":[{"code":"sms_pin","display_name":"SMS-PIN","scopes":["accounts","transactions"],"instruction":"Use PIN code from SMS to authorize.","required_fields":[{"code":"req_field","optional":"false","display_name":"Sms_pin","type":"string"}],"mfa_fields":[{"code":"req_field2","optional":"false","display_name":"Password","type":"string"}],"sandbox_credentials":{"required_fields":[{"example":"req_field","code":"req_field"}],"mfa_fields":[{"example":"mfa_field","code":"mfa_field"}]}}]}],"meta":{"next_id":2,"time":"2019-11-18T16:04:50.725Z"}}
Request

GET /api/v2/providers

Headers
Header Type Description
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
per_page
integer, optional
Maximum number of providers to return per request. Values in range between: 1 and 1000. Default value: 20
from_id
integer, optional
Return providers starting with a specific id. Default value: 0 Values greater than: 0
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Related Errors
Class Code Description
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.

Templates

Returns all available payment templates which belong to a specific Provider.

CURL

curl -i \
 -H "App-Id: X3R1wYzjbqdHUnePBINH8A" \
 -H "App-Secret: K6gV3EPYH9ZYT7KOrjCuZg" \
 -H "Client-Request-Id: 17" \
 -X GET "/api/v2/providers/:provider_code/templates"

Example of response

{"data":[{"id":757,"description":"Internal transfer","provider_id":251,"payment_type":"internal_transfer","default":false,"extra":{},"created_at":"2019-11-18T16:04:50.658Z","updated_at":"2019-11-18T16:04:50.658Z","payment_attributes":[{"attribute_name":"amount","attribute_type":"number","label":"Amount","optional":false,"position":1,"values":[]},{"attribute_name":"to_account","attribute_type":"text","label":"To account","optional":false,"position":2,"values":[]},{"attribute_name":"currency","attribute_type":"dropdown","label":"Currency","optional":false,"position":3,"values":["EUR","USD"]}]}]}
Request

GET /api/v2/providers/:provider_code/templates

Headers
Header Type Description
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
provider_code (path)
string, required
Human readable Provider identifier. Can raise: ProviderNotFound, AccessDenied
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.


Related Errors
Class Code Description
AccessDenied 401 Action you want to perform is not allowed. More in error_message
ProviderNotFound 404 Provider specified in request does not exist or cannot be retrieved.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.