Support

Below you can find some frequently asked questions

Basic information

How to use AIS APIs?

 

Create Consent - Account


In order to retrieve a user’s account data, explicit consent has to be created and confirmed by the user. Account data is provided only for valid consents. Follow the steps below to create a valid consent:

 

1st step: POST /consents - Create consent
This method creates a consent resource, defining access rights to dedicated accounts of a given PSU-ID. For details, please see the description of the call parameters. The TPP is also required to redirect the user to the authorisation server with the data received from a successful first call (POST Create Consent); the redirect links are provided in the response.

Important: A consent for account data, transaction data and balance data can be created with a single method. To obtain only account data, “accounts” has to contain valid account data in this method. To obtain transaction data, “accounts” and “transactions” in the method Create consent have to contain valid account data. To obtain balance data, “accounts” and “balances” in the method Create consent have to contain valid account data.

2nd step: GET /consents/{consentId}/status - Consent status request
Read the status of an account information consent resource. Once the »Consent status request« returns the “consentStatus” “valid”, the consent has been properly authorised by the user and can be used in further flows for retrieving account data.

Optional methods:
• GET /consents/{consentId} - Get Consent Request
• DELETE /consents/{consentId} - Delete Consent
• GET /consents/{consentId}/authorisations - Get Consent Authorisation Sub-Resources Request
• GET /consents/{consentId}/authorisations/{authorisationId} - Read the SCA status of the consent authorisation.


 

Get Account Details


Prerequisite: valid consent (see Create consent) with valid IBAN in “accounts” in the method Create consent.
Steps to get account data details:

 

1st step: GET /accounts - Read Account List
Read the identifiers (resource ID) of the available payment account together with booking balance information, depending on the consent granted. This method requires the consentID to be provided as a header parameter and returns the correct account according to the provided consent.

2nd step: GET /accounts/{account-id} - Read Account Details
Returns details about an account based on the provided resource ID, obtained with the method Read Account List, with balances where applicable.

 

Get Account Transaction List and/or Transaction details


Prerequisite: valid consent (see Create consent) with valid IBAN in “accounts” and “transactions” in the method Create consent.
Steps to get transaction list and details data:

 

1st step: GET /accounts - Read Account List
Read the identifiers (resource ID) of the available payment account together with booking balance information, depending on the consent granted. This method requires a consentID to be provided as a header parameter, according to which the correct account is returned.

2nd step: GET /accounts/{account-id}/transactions - Read Transaction List
Read transaction reports or transaction lists of a given account addressed by "account-id", depending on the steering parameter "bookingStatus", together with balances.
Important: The »Read Transaction List« call has query parameters that can be used to narrow down the list of returned data; please check the specification of this call for more details.

3rd step: GET /accounts/{account-id}/transactions/{transactionId} - Read Transaction Details
Reads transaction details from a given transaction addressed by "resourceId" on a given account addressed by "account-id". This call is only available on transactions as reported in a JSON format.

 

Read Account Balances


Prerequisite: valid consent (see Create consent) with valid IBAN in “accounts” and “balances” in the method Create consent.
Steps to get balance data:

 

1st step: GET /accounts - Read Account List
Read the identifiers (resource ID) of the available payment account together with booking balance information, depending on the consent granted. This method requires a consentID to be provided as a header parameter, according to which the correct account is returned.

2nd step: GET /accounts/{account-id}/balances - Read Balance
Reads account balance data from a given account addressed by "account-id".

How to use PIIS APIs?

Check Funds Available
Prerequisite: valid consent (see Create consent) with a valid IBAN in “accounts”. In the method Create consent, the parameter “confirmationOfFundsAllowed” has to be set to “true” and “validUntil” has to be set to “9999-12-31”; in addition, “accounts” has to contain valid account data, and “transactions” and “balances” have to be empty.

Steps to check if funds are available for payment execution:

1st step: POST /funds-confirmations - Confirmation of Funds Request
Checks whether a specific amount is available at the time of the request on an account linked to a given tuple card issuer (TPP)/card number, or addressed by IBAN and TPP respectively.
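
The “Important” note under Create Consent and the Check Funds Available prerequisite both come down to which lists must name the account. The checker below is an added example, not code from the portal; it assumes the Berlin Group body layout (an "access" object holding the three lists of {"iban": ...} entries) and a top-level "confirmationOfFundsAllowed", neither of which is shown on this page.

```python
import re

# Generic IBAN shape only (country, check digits, BBAN); no checksum is verified.
IBAN_SHAPE = re.compile(r"^[A-Z]{2}\d{2}[A-Z0-9]{11,30}$")

# Which lists must name the account for each kind of data, per the page's rules.
REQUIRED_LISTS = {
    "accounts": {"accounts"},
    "transactions": {"accounts", "transactions"},
    "balances": {"accounts", "balances"},
    "funds": {"accounts"},
}


def ibans_in(access, key):
    """Return the set of IBANs named in access[key] (assumed [{'iban': ...}])."""
    return {entry.get("iban", "") for entry in access.get(key) or []}


def consent_problems(body, purpose, iban):
    """List the reasons why `body` would not cover `purpose` for `iban`."""
    problems = []
    if not IBAN_SHAPE.match(iban):
        problems.append(f"{iban!r} does not look like an IBAN")
    access = body.get("access", {})  # assumed Berlin Group wrapper object
    for key in sorted(REQUIRED_LISTS[purpose]):
        if iban not in ibans_in(access, key):
            problems.append(f'"{key}" does not contain {iban}')
    if purpose == "funds":
        # Rules from the Check Funds Available prerequisite.
        if body.get("confirmationOfFundsAllowed") is not True:
            problems.append('"confirmationOfFundsAllowed" must be true')
        if body.get("validUntil") != "9999-12-31":
            problems.append('"validUntil" must be "9999-12-31"')
        for key in ("transactions", "balances"):
            if access.get(key):
                problems.append(f'"{key}" must be empty')
    return problems


# Constructed request bodies using a sandbox IBAN from the tables on this page.
IBAN = "SI56051001001033999"
BALANCE_ONLY = {"access": {"balances": [{"iban": IBAN}]}, "validUntil": "2030-01-01"}
FUNDS_OK = {
    "access": {"accounts": [{"iban": IBAN}], "transactions": [], "balances": []},
    "confirmationOfFundsAllowed": True,
    "validUntil": "9999-12-31",
}

if __name__ == "__main__":
    for name, body, purpose in [("balance-only", BALANCE_ONLY, "balances"),
                                ("funds", FUNDS_OK, "funds")]:
        print(name, consent_problems(body, purpose, IBAN) or "ok")
```

Running the check before POST /consents catches a consent that would be authorised by the user yet still not return the data the application needs.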

How to use PIS APIs?

Initiate Payment – SCA required


Steps to initiate a payment:

 

1st step: POST /{payment-service}/{payment-product} - Payment initiation request
This method is used to initiate a payment at the ASPSP. The parameters of this call are described in detail under the method specification.
Important: After the initial »Payment Initiation Request« the user needs to be redirected to the authorisation URL provided in »scaRedirect« of the response.

2nd step: GET /{payment-service}/{payment-product}/{paymentId}/status - Payment initiation status request
This call is optional, but gives essential information regarding the transaction status of a payment initiation.

Optional methods:
• GET /{payment-service}/{payment-product}/{paymentId}/authorisations/{authorisationId} - Read the SCA Status of the payment authorisation
• GET /{payment-service}/{payment-product}/{paymentId} - Get Payment Information
• GET /{payment-service}/{payment-product}/{paymentId}/authorisations - Get Payment Initiation Authorisation Sub-Resources Request


Initiate Payment – SCA not required
Steps to initiate a payment:

1st step: POST /{payment-service}/{payment-product} - Payment initiation request
This method is used to initiate a payment at the ASPSP. The parameters of this call are described in detail under the method specification.

2nd step: GET /{payment-service}/{payment-product}/{paymentId}/status - Payment initiation status request
This call is optional, but gives essential information regarding the transaction status of a payment initiation.

Optional methods:
• GET /{payment-service}/{payment-product}/{paymentId} - Get Payment Information
• GET /{payment-service}/{payment-product}/{paymentId}/authorisations - Get Payment Initiation Authorisation Sub-Resources Request

Glossary

AISP - Account Information Service Provider
PISP - Payment Initiation Service Provider
PIISP - Payment Instrument Issuer Service Providers
PSU - Payment Service User
TPP - Third-Party Provider
ASPSP - Account Servicing Payment Service Providers
SCA - Strong Customer Authentication

Where do I start?

Browse the available banking APIs


Take a look at our banking APIs to see what choices are available. Is there an API you can exploit in one of your applications? Use the supplied APIs to quickly construct a fully featured application.

Explore our APIs

Sign Up on Sandbox

Creating an account is free. Click ‘sign up’ from the home page, then enter your name, email address and password. We'll then send you an email with an activation link. Click the link, and you'll be ready to start developing.

Create an account

Create an app

Before you can use an API you have to register your TPP application. When you register an application, the application is assigned a unique client ID and client secret. You must use the client ID when you call an API that requires you to identify your application by using a client ID, or a client ID and client secret. Check the API description for the details.

Register app

Invite members

Invite other members of your organization.

Invite developers

Choose an API plan and test

After your application is registered you need to subscribe to a plan. The plan determines the number of API calls that your application can make. All plans on the Developer Portal Sandbox are free of charge. At the moment only the "Default plan" is available, which allows you to make 100 calls per hour. Once your application is subscribed, use the credentials you received to test all APIs included in the subscribed products.

API products

Use APIs in production environment

Before accessing the production environment you should perform the relevant tests. Accessing the test environment APIs does not require an eIDAS certificate or a TPP license. In order to access the production APIs, you must have a valid eIDAS certificate and a valid TPP license. Before the first use of the PSD2 APIs in the production environment, the TPP has to call the registration API. It automatically checks the validity of the eIDAS certificate and the AIS/PIS/PIIS licence and registers the new TPP in our systems. After a positive response, the TPP is able to use all PSD2 APIs according to its given role.

How do I start with the simulation environment

Register your TPP application

Log in on this developer portal and click the “Apps” section in the menu.

Click the »Create new App« button.


Enter the »Title« of your application and, optionally, a »Description« and an »OAuth Redirect URI«, and paste in your certificate (in case the API requires one). Click the »Save« button to complete the registration of your application.


Now that you've registered your application, you can browse the APIs and subscribe to them. The Client ID and Client Secret are generated automatically. Make sure you save the data.


Subscribe on test environment

Before using test cases below, please read the API documentation and swagger definitions under API product tab.
In Bankart API portal mandatory PSD2 APIs are available.
API specification is available as a Swagger file, under »Explore our API« button.
All APIs follow the Berlin Group standard; JSON format is supported.
APIs published on the portal are sandbox versions.
APIs published on the portal return static answers.
All data in the tables below is intended for testing and has no relation to real data.
Data in tables can change at any time without prior notice.

Payment Instrument Issuing

API | IBAN | CURRENCY | Expected result
----|------|----------|----------------
post /funds-confirmations | SI56051001001033999 | EUR | "true"
 | SI56051001001033988 | EUR | "false"
 | SI56051001001033977 | EUR | "true"
 | SI56051001001011977 | EUR | "false"

Account Information Service

API | IBAN | CURRENCY | Consent-ID | WithBalance | Account-id | TransactionId
----|------|----------|------------|-------------|------------|--------------
get /accounts | SI56051001001033999 | EUR | 12345 | TRUE | |
 | SI56051001001033999 | EUR | 123456 | FALSE | |
 | SI56051001001044999 | EUR | 1234567 | TRUE | |
get /accounts/{account-id} | SI56051001001033999 | EUR | | TRUE or FALSE | 8735076338630656 |
 | SI56610000018109471 | EUR | | FALSE | 8735076338658900 |
get /accounts/{account-id}/transactions | SI56051001001033999 | EUR | | FALSE | 8735076338630656 |
 | SI56051001001044999 | EUR | | TRUE | 8735076338630333 |
get /accounts/{account-id}/transactions/{transactionId} | SI56051001001033999 | EUR | | | 8735076338630656 | 2030000202303039
 | SI56051001001044999 | EUR | | | 8735076338630545 | 2030000202303040
get /accounts/{account-id}/balances | SI56051001001033999 | EUR | | | 8735076338630656 |
 | SI56031101000397567 | EUR | | | 8735076338630655 |

Payment Initiation Service API

API | payment-service | payment-product | paymentId
----|-----------------|-----------------|----------
POST /{payment-service}/{payment-product} | payments | sepa-credit-transfers | * token is mandatory
GET /{payment-service}/{payment-product}/{paymentId} | payments | sepa-credit-transfers | 73bafcc1-ddc1-4c58-abcc-3b4de6e5e482
GET /{payment-service}/{payment-product}/{paymentId}/status | payments | | 73bafcc1-ddc1-4c58-abcc-3b4de6e5e482
 | payments | | 73bafcc1-ddc1-4c58-abcc-3b4de6e5e222
DELETE /{payment-service}/{payment-product}/{paymentId} | payments | sepa-credit-transfers | 73bafcc1-ddc1-4c58-abcc-3b4de6e5e482
*with SCA | payments | sepa-credit-transfers | 73bafcc1-ddc1-4c58-abcc-3b4de6e5e222

Consents Service API

API | consentId
----|----------
POST /consents | *token is mandatory
GET /consents/{consentId}/status | 16dd7e042-963f-4e28-9a50-334a167a44ba
GET /consents/{consentId} | 6dd7e042-963f-4e28-9a50-334a167a44ba
DELETE /consents/{consentId} | 6dd7e042-963f-4e28-9a50-334a167a44ba

 

Instructions for testing APIs with enabled advanced security features (OAuth2, SCA)

By definition certain crucial PSD2 APIs require OAuth2. These are marked accordingly in our API documentation and swagger definitions. Here are some examples:

- consent APIs (all within PSD2 Account Information product)

- payment APIs (e.g. payment initiation request) 

On top of that, these APIs in principle (when there is no exemption defined by business rules) also require an SCA (strong customer authentication) post step. 

3.1 OAuth2

We are using the authorization code flow. As a first step you need to open the GET /oauth2/authorize link in a browser with the URL parameters response_type, client_id, redirect_uri, scope and IBAN (optional).

Possible values for scope are:

- for Account Information: psd2:acc

- for Payment Initiation: psd2:pay

Please note that the scope used in this sandbox differs from the scope that should be used in the production environment. Check the production swagger for the production values.

Example:

.../oauth2/authorize?response_type=code&client_id=db...&redirect_uri=https://www.xyztpp.si&scope=acc&iban=SI56XXXXXXXXXXXXXXX

You need to use your own values, i.e. the client_id and redirect URI of your subscribed application. You can also trigger this redirect by selecting the "Authorize" button in the documentation of the protected API. When the authorization page opens, enter any username and password combination and select "Allow Access" on the second page. This sends you to the redirect URI with a newly generated access code as a URL parameter. Extract this code from the URL in order to get the token.

To exchange the access code for the token you need a tool that can make a simple POST request, for example curl. Pass grant_type, client_id and code as x-www-form-urlencoded data. Here is an example:

curl -d "grant_type=authorization_code&client_id=dbe...&code=AAL7lhdq6k..." -H "Content-Type: application/x-www-form-urlencoded" -H "accept:application/json" -X POST https://api.bankart.si/psd2/delavska-hranilnica/sandbox/oauth2/token

This returns a JSON object with the token, which you can then use to call the OAuth2-protected APIs (insert the token value prefixed with "Bearer " in the "authorization" header field), or simply paste it into the "Access token" field in the developer portal and call the API that way. For details (URLs, parameters etc.), please also see the published swagger documents.
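
The same authorization code flow from the application side, as an added example that is not code from the portal: it builds the authorize URL, vets the redirect the browser lands on, and prepares the token POST without sending it. The "state" parameter is the standard RFC 6749 anti-CSRF value, which the page does not list, so its support by this endpoint is an assumption; the example.test hosts and client id are placeholders.

```python
import hmac
import secrets
import urllib.request
from urllib.parse import parse_qs, urlencode, urlsplit


def build_authorize_url(authorize_url, client_id, redirect_uri, scope, iban=None):
    """Return (url, state) for the browser redirect to GET /oauth2/authorize."""
    state = secrets.token_urlsafe(16)  # assumption: endpoint echoes "state" back
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state}
    if iban:
        params["iban"] = iban  # optional per the page
    return authorize_url + "?" + urlencode(params), state


def extract_code(callback_url, redirect_uri, expected_state):
    """Pull the code out of the redirect the browser lands on, or raise."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path or "/") != (
            want.scheme, want.netloc, want.path or "/"):
        raise ValueError("callback is not the registered redirect URI")
    query = parse_qs(got.query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch; discard this response")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def token_request(token_url, client_id, code):
    """Build (not send) the POST that the curl command above performs."""
    body = urlencode({"grant_type": "authorization_code",
                      "client_id": client_id, "code": code}).encode()
    return urllib.request.Request(token_url, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json"})


if __name__ == "__main__":
    # Constructed values; nothing here contacts a real endpoint.
    redirect = "https://tpp.example.test/cb"
    url, state = build_authorize_url(
        "https://aspsp.example.test/oauth2/authorize", "client-123", redirect, "psd2:acc")
    print(url)
    callback = redirect + "?code=CONSTRUCTED&state=" + state
    req = token_request("https://aspsp.example.test/oauth2/token",
                        "client-123", extract_code(callback, redirect, state))
    print(req.get_method(), req.full_url, req.data.decode())
```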

3.2 SCA (Strong Customer Authentication)

According to the PSD2 Berlin Group standard, an SCA step is required after certain crucial, i.e. sensitive, API calls. We are using an implicit flow with a simple redirect (not OAuth2) for this purpose. Check the API response headers for the ASPSP/PISP-SCA-Approach value and, when it is present, redirect the end user to the URL provided in the _links/scaRedirect response element. No information is returned directly from this redirect to your app, but certain crucial calls are made in the background to complete the authorization and process the payment or create a consent object. In our sandbox environment you can even omit this step, but for production APIs it is critical that the client is redirected to the SCA link (when provided) if you wish the entire API flow to complete as intended. You can check the outcome of SCA from your application with the corresponding .../status API calls (for details, please see the API documentation, i.e. the swagger definition).
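
How an application might act on a Payment initiation response as described above, as an added example rather than the portal's own code: it looks for the SCA-approach header, vets the scaRedirect link before the user is sent there, and derives the status path to poll afterwards. The host allow-list, the {"href": ...} link shape, the "paymentId" response field and the reading of "ASPSP/PISP-SCA-Approach" as two header names are assumptions; the sample response is constructed.

```python
from urllib.parse import urlsplit

# Assumption: the page's "ASPSP/PISP-SCA-Approach" names these two headers.
SCA_HEADERS = ("aspsp-sca-approach", "pisp-sca-approach")


def sca_redirect_url(headers, body, allowed_hosts):
    """Return the vetted SCA URL to send the user to, or None if no SCA step."""
    lowered = {name.lower(): value for name, value in headers.items()}
    if not any(name in lowered for name in SCA_HEADERS):
        return None
    link = (body.get("_links") or {}).get("scaRedirect")
    if isinstance(link, dict):  # assumed Berlin Group shape: {"href": "..."}
        link = link.get("href")
    if not link:
        return None
    parts = urlsplit(link)
    # Only hand the user to an HTTPS page on a host the ASPSP documents.
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        raise ValueError("refusing to redirect user to " + link)
    return link


def status_path(payment_service, payment_product, payment_id):
    """Path of the status call the page lists for checking the SCA outcome."""
    return f"/{payment_service}/{payment_product}/{payment_id}/status"


def next_step(headers, body, allowed_hosts, payment_service, payment_product):
    """Decide what the TPP does after a Payment initiation request response."""
    poll = status_path(payment_service, payment_product, body["paymentId"])
    url = sca_redirect_url(headers, body, allowed_hosts)
    return {"redirect_user_to": url, "then_poll": poll}


# Constructed response; the paymentId is the sandbox value from the table above.
HEADERS = {"ASPSP-SCA-Approach": "REDIRECT"}
BODY = {
    "paymentId": "73bafcc1-ddc1-4c58-abcc-3b4de6e5e482",
    "_links": {"scaRedirect": {"href": "https://sca.aspsp.example.test/authorise?ref=constructed"}},
}
ALLOWED_HOSTS = {"sca.aspsp.example.test"}  # placeholder host, an assumption

if __name__ == "__main__":
    print(next_step(HEADERS, BODY, ALLOWED_HOSTS, "payments", "sepa-credit-transfers"))
```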

Apps

How do I register an application?

When you add an application you are provided with an API Key and Secret for the application. You must supply these credentials when you call an API that requires you to authenticate your application.

To register an application click on Apps in the main menu and then click on the 'Create new app' link. Once you have provided an application name, description, etc you will be shown your application API Key and Secret.

Make a note of your API Secret because it is only displayed once.

How do I reset my application API Secret?

Your API Secret is stored encrypted so we cannot retrieve the unencrypted version to tell you the value if you forget it.

You can reset it, which will update the stored value and return the new value to you.

To do that click 'Apps' in the main menu, click on the application in question and then you can click the 'Reset' link in the 'API Secret' section.

Your new Secret will be displayed at the top of the page.

Using our APIs

I just want to use an API? What are plans?

A plan is a collection of API resources or subsets of resources from one or more APIs. A plan can contain a mixture of operation types from different APIs. A plan can have a common rate limit for all the resources or each resource can have a different rate limit. Rate limits specify how many requests an application is allowed to make during a specified time interval.

Use this Developer Portal to browse the different plans that are available to you and select a plan that is most suitable for your requirements. Some plans have restricted access that you must request access to use. When you submit your request, the organization is notified, the API administrator assesses your request and they might contact you for more details. Other plans are available to use straight away.

How do I see my API usage?

The numbers of requests, for different APIs, that your application has made are shown on your application page.

Click 'Apps' in the main menu and then click on your application. In the 'Product Subscriptions' table you will see all plans your application is subscribed to.

For each API contained in that plan you can see the usage compared to the rate limit of the plan.

 

How can I test an API?

It is possible to test an API from this Developer Portal.

When looking at the details of an API you will see a list of the operations contained in the API. This will show the verb and path to use for the operation.

If you click on the operation you will see more information about it, what parameters it might take, what it returns, what possible return codes it might use and what they mean.

There is also a 'Try' button on REST APIs which enables you to try the operation out direct from the Developer Portal.

If the API requires a client ID or a client secret for identification then you can specify these using your application credentials at the top of the 'Try' section.

Do you still have some questions?

Click here to contact our support