Overview
Version 1, 2020-12-10
PSD2 Compliant XS2A Payment services (PSD 2) - Directive (EU) 2015/2366 API based on Berlin Group NextGenPSD2 XS2A Specification v1.3 (BGS).
SCA Approach
REDIRECT SCA approach with implicit Start of the Authorisation Process. Implicit process means that authorisation resource will be automatically created and information returned in the response.
For the redirect approach the individual steps of the SCA are not executed at the XS2A interface, butdirectly between the PSU and the ASPSP. In this case,the PSU isredirected to a web interface of the ASPSP for authentication.
Differences From Berlin Group Standard
Optional parameters
Get account transactions endpoint uses two optional parameters for paging:
- pageSize – sets record count per page;
- page – sets which page is displayed;
API Versioning
Current API version: v1
Only major version of API is used, so all changes that does not break backward compatibility does not increase version number. New API version is added on when non backward compatible changes are made:
- Adding restrictive logic (e.g. making fields mandatory, business validation logic);
- Removing fields;
- Removing endpoints;
Upcoming major API versions are instantly released to production and will run in parallel with old version. Old version will be available for at least 6 months before removal.
1. Account Information Service (AIS)
1.1. Get accounts
Example request:
GET /v1/accounts HTTP/1.1
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
Consent-ID: 26a56972-3ab3-11eb-adc1-0242ac120002
Example response:
HTTP/1.1 200 OK
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
Content-Type: application/hal+json;charset=UTF-8
{
"accounts": [
{
"resourceId": "99391c7e-ad88-49ec-a2ac-99ddcb1f7757",
"iban": "LT274155754465883232",
"currency": "EUR",
"name": "First account",
"status": "enabled",
"_links": {
"self": {
"href": "/v1/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410"
},
"balances": {
"href": "/v1/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/balances"
},
"transactions": {
"href": "/v1/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?dateFrom=2020-01-01"
}
}
}, {
"resourceId": "99391c7e-ad88-49ec-a2ab-99ddcb1f7757",
"iban": "LT053476455798924767",
"currency": "EUR",
"name": "Second account",
"status": "enabled",
"_links": {
"self": {
"href": "/v1/accounts/b78cb40c-1eba-3b1e-8b2b-08575dd70447"
},
"balances": {
"href": "/v1/accounts/b78cb40c-1eba-3b1e-8b2b-08575dd70447/balances"
},
"transactions": {
"href": "/v1/accounts/b78cb40c-1eba-3b1e-8b2b-08575dd70447/transactions?dateFrom=2020-01-01"
}
}
}
]
}
GET /v1/accounts
Read the identifiers of the available payment account together with booking balance information, depending on the consent granted.
Path parameters
No parameters.
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
| Consent-ID | String | false | ID of the corresponding consent object as returned by an Account Information Consent Request. |
| X-Request-ID | Object | false | ID of the request, unique to the call, as determined by the initiating party. |
Request fields
No request body.
Response headers
| Name | Description |
|---|---|
X-Request-ID
|
ID of the request, unique to the call, as determined by the initiating party. |
Response fields
| Path | Type | Description |
|---|---|---|
accounts[].resourceId
|
String | Unique identification of corresponding resource. |
accounts[].iban
|
String | International Bank Account Number. |
accounts[].currency
|
String | Account’s currency. |
accounts[].name
|
String | Account name. |
accounts[].status
|
String | Account status. |
accounts[]._links.self.href
|
String | A link to the account resource itself. |
accounts[]._links.balances.href
|
String | A link to the resource providing the balance of a dedicated account. |
accounts[]._links.transactions.href
|
String | A link to the resource providing the transaction history of a dedicated account. |
1.2. Get account
Example request:
GET /v1/accounts/99391c7e-ad88-49ec-a2ac-99ddcb1f7757 HTTP/1.1
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
Consent-ID: 26a56972-3ab3-11eb-adc1-0242ac120002
Example response:
HTTP/1.1 200 OK
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
Content-Type: application/hal+json;charset=UTF-8
{
"account": {
"resourceId": "99391c7e-ad88-49ec-a2ac-99ddcb1f7757",
"iban": "LT274155754465883232",
"currency": "EUR",
"name": "First account",
"status": "enabled",
"_links": {
"self": {
"href": "/v1/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410"
},
"balances": {
"href": "/v1/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/balances"
},
"transactions": {
"href": "/v1/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?dateFrom=2020-01-01"
}
}
}
}
GET /v1/accounts/{accountId}
Reads details about an account, with balances where required. It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
| accountId | String | false | This identification is denoting the addressed account. The accountId is retrieved by using a "Read Account List" call. The accountId is the "id" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent. |
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
| Consent-ID | String | false | ID of the corresponding consent object as returned by an Account Information Consent Request. |
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
Request fields
No request body.
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Response fields
| Path | Type | Description |
|---|---|---|
account.resourceId |
String | Unique identification of corresponding resource. |
account.iban |
String | International Bank Account Number. |
account.currency |
String | Account’s currency. |
account.name |
String | Account name. |
account.status |
String | Account status. |
account._links.self.href |
String | A link to the account resource itself. |
account._links.balances.href |
String | A link to the resource providing the balance of a dedicated account. |
account._links.transactions.href |
String | A link to the resource providing the transaction history of a dedicated account. |
1.3. Get account balances
Example request:
GET /v1/accounts/99391c7e-ad88-49ec-a2ac-99ddcb1f7757/balances HTTP/1.1
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
Consent-ID: 26a56972-3ab3-11eb-adc1-0242ac120002
Example response:
HTTP/1.1 200 OK
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
Content-Type: application/hal+json;charset=UTF-8
{
"account": {
"resourceId": "b4b921f9-2c91-3f60-9940-057b9b2cc410",
"iban": "LT274155754465883232",
},
"balances": [
{
"balanceAmount": {
"currency": "EUR",
"amount": "1950.30"
},
"balanceType": "closingBooked",
"referenceDate": "2018-11-27T13:54:03.946"
}
]
}
GET /v1/accounts/{accountId}/balances
Read account balances. It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
| accountId | String | false | This identification is denoting the addressed account. The accountId is retrieved by using a "Read Account List" call. The accountId is the "id" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent. |
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
| Consent-ID | String | false | ID of the corresponding consent object as returned by an Account Information Consent Request. |
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
Request fields
No request body.
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Response fields
| Path | Type | Description |
|---|---|---|
account.resourceId |
String | Unique identification of corresponding resource. |
account.iban |
String | International Bank Account Number. |
balances[].balanceAmount.currency |
String | Balance amount currency. |
balances[].balanceAmount.amount |
String | Balance amount value. |
balances[].balanceType |
String | Balance type. Must be one of [closingBooked, expected, openingBooked, interimAvailable, forwardAvailable, nonInvoiced]. |
balances[].referenceDate |
String | Reference date of the balance. |
1.4. Get account transactions
Example request:
GET /v1/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?dateFrom=2020-01-01&dateTo=2020-12-31&page=2&pageSize=2&bookingStatus=both HTTP/1.1
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
Consent-ID: 26a56972-3ab3-11eb-adc1-0242ac120002
Example response:
HTTP/1.1 200 OK
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
Content-Type: application/hal+json;charset=UTF-8
{
"account":{
"resourceId":"b4b921f9-2c91-3f60-9940-057b9b2cc410",
"iban":"LT053476455798924767"
},
"transactions": {
"booked": [
{
"transactionId": "caba67a2-3a2b-11eb-bc90-02427f0ac36a",
"bookingDate": "2020-11-23T11:11:53.000",
"valueDate": "2020-11-23T11:11:53.000",
"transactionAmount": {
"currency": "EUR",
"amount": "61.07"
},
"remittanceInformationUnstructured": "payment #1",
"creditorName": "Creditor name",
"creditorAccount": {
"iban": "LT506458461979475953",
"currency": "EUR"
}
},
{
"transactionId": "caba6a04-3a2b-11eb-840f-02427f0ac36a",
"bookingDate": "2020-11-23T11:11:53.000",
"valueDate": "2020-11-23T11:11:53.000",
"transactionAmount": {
"currency": "EUR",
"amount": "81.35"
},
"remittanceInformationUnstructured": "payment #2",
"debtorName": "Creditor name",
"debtorAccount": {
"iban": "LT366466761424516965",
"currency": "EUR"
}
}
],
"pending": []
},
"_links": {
"self": {
"href": "/v1/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?dateFrom=2020-01-01&dateTo=&bookingStatus=both&page=1&pageSize=2"
},
"account": {
"href": "/v1/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410"
},
"next": {
"href": "/v1/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?dateFrom=2020-01-01&dateTo=&bookingStatus=both&page=2&pageSize=2"
},
"last": {
"href": "/v1/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?dateFrom=2020-01-01&dateTo=&bookingStatus=both&page=2&pageSize=2"
}
}
}
GET /v1/accounts/{accountId}/transactions
Read account transactions. It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
| accountId | String | false | This identification is denoting the addressed account. The accountId is retrieved by using a "Read Account List" call. The accountId is the "id" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent. |
Query parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
bookingStatus |
String | true | Available values: "booked", "pending" and "both". Must be one of [booked, pending, both]. Default value: 'both'. |
dateFrom |
Object | false | Starting date (inclusive the date dateFrom) of the transaction list. |
dateTo |
Object | true | End date (inclusive the data dateTo) of the transaction list, default is "now" if not give. |
page |
Integer | true | Default value: '1'. |
pageSize |
Integer | true | Default value: '25'. |
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
Consent-ID |
String | false | ID of the corresponding consent object as returned by an Account Information Consent Request. |
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
Request fields
No request body.
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Response fields
| Path | Type | Description |
|---|---|---|
account.resourceId |
String | Unique identification of corresponding resource. |
account.iban |
String | International Bank Account Number. |
transactions[].transactionId |
String | Internal identification number. |
transactions[].bookingDate |
ISODate | The Date when an entry is posted to an account on the ASPSPs books. |
transactions[].valueDate |
ISODate | The Date at which assets become available to the account owner in case of a credit. |
transactions[].transactionAmount.currency |
String | The amount of the transaction as billed to the account (currency). |
transactions[].transactionAmount.amount |
String | The amount of the transaction as billed to the account (value). |
transactions[].creditorName |
String | Name of the creditor if a "Debited" transaction. |
transactions[].creditorAccount.iban |
String | Creditor International Bank Account Number. |
transactions[].creditorAccount.currency |
String | Creditor International Bank Account currency. |
transactions[].debtorName |
String | Name of the debtor if a "Credited" transaction. |
transactions[].debtorAccount.iban |
String | Debtor International Bank Account Number. |
transactions[].debtorAccount.currency |
String | Debtor International Bank Account currency. |
transactions[].remittanceInformationUnstructured |
String | Unstructured remittance reference. |
_links.self.href |
String | A link to the account transactions resource itself. |
_links.account.href |
String | A link to the account resource itself. |
_links.previous.href |
String | Navigation link for paginated account transactions (previous page). |
_links.next.href |
String | Navigation link for paginated account transactions (next page). |
_links.last.href |
String | Navigation link for paginated account transactions (last page). |
1.5. Create account consent
Example request:
POST /v1/consents HTTP/1.1
Content-Type: application/json;charset=UTF-8
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
TPP-Redirect-URI: https://client.emi.com/consent=82abc9fe-3a2d-11eb-adc1-0242ac120002&status=ok
TPP-Nok-Redirect-URI: https://client.emi.com/consent=82abc9fe-3a2d-11eb-adc1-0242ac120002&status=nok
PSU-IP-Address: 128.166.114.199
{
"access": {
"accounts": [
{
"iban": "LT506458461979475953",
"currency": "EUR"
}
],
"balances": [
{
"iban": "LT506458461979475953",
"currency": "EUR"
}
],
"transactions": [
{
"iban": "LT506458461979475953",
"currency": "EUR"
}
],
},
"recurringIndicator": false,
"validUntil": "2021-12-31",
"frequencyPerDay": 10,
"combinedServiceIndicator": false
}
Example response:
HTTP/1.1 201 Created
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
Location: /v1/consents/82abc9fe-3a2d-11eb-adc1-0242ac120002
ASPSP-SCA-Approach: REDIRECT
Content-Type: application/hal+json;charset=UTF-8
{
"consentId": "82abc9fe-3a2d-11eb-adc1-0242ac120002",
"consentStatus": "received",
"_links": {
"self": {
"href": "/v1/consents/82abc9fe-3a2d-11eb-adc1-0242ac120002"
},
"status": {
"href": "/v1/consents/82abc9fe-3a2d-11eb-adc1-0242ac120002/status"
},
"scaStatus": {
"href": "/v1/consents/82abc9fe-3a2d-11eb-adc1-0242ac120002/authorisations/b084c799-1234-4f32-bc40-42228a90f66c"
},
"scaRedirect": {
"href": "/authorisation/82abc9fe-3a2d-11eb-adc1-0242ac120002/b084c799-1234-4f32-bc40-42228a90f66c"
}
}
}
POST /v1/consents
This method creates a consent resource, defining access rights to dedicated accounts.
Path parameters
No parameters.
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
TPP-Redirect-URI |
String | false | URI of the TPP, where the transaction flow shall be redirected to after a Redirect. |
TPP-Nok-Redirect-URI |
String | false | If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. |
PSU-IP-Address |
String | false | The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. |
Request fields
| Path | Type | Optional | Description |
|---|---|---|---|
access |
Object | false | Requested access services. |
access.accounts |
Array[Object] | true | Is asking for detailed account information. If the array is empty, the TPP is asking for an accessible account list. This may be restricted in a PSU/ASPSP authorisation dialogue. If the array is empty, also the arrays for balances or transactions shall be empty, if used. |
access.accounts[].iban |
String | false | Must match the regular expression
^[a-zA-Z]{2}[0-9]{2}[a-zA-Z0-9]{4}[0-9]{7}([a-zA-Z0-9]?){0,16}$. |
access.accounts[].currency |
String | true | Must match the regular expression ^[A-Z]{3}$. |
access.balances |
Array[Object] | true | Is asking for balances of the addressed accounts. If the array is empty, the TPP is asking for the balances of all accessible account lists. This may be restricted in a PSU/ASPSP authorisation dialogue. If the array is empty, also the arrays for accounts or transactions shall be empty, if used. |
access.balances[].iban |
String | false | Must match the regular expression
^[a-zA-Z]{2}[0-9]{2}[a-zA-Z0-9]{4}[0-9]{7}([a-zA-Z0-9]?){0,16}$. |
access.balances[].currency |
String | true | Must match the regular expression ^[A-Z]{3}$. |
access.transactions |
Array[Object] | true | Is asking for transactions of the addressed accounts. If the array is empty, the TPP is asking for the transactions of all accessible account lists. This may be restricted in a PSU/ASPSP authorisation dialogue. If the array is empty, also the arrays for accounts or balances shall be empty, if used. |
access.transactions[].iban |
String | false | Must match the regular expression
^[a-zA-Z]{2}[0-9]{2}[a-zA-Z0-9]{4}[0-9]{7}([a-zA-Z0-9]?){0,16}$. |
access.transactions[].currency |
String | true | Must match the regular expression ^[A-Z]{3}$. |
recurringIndicator |
Boolean | false | True, if the consent is for recurring access to the account data. false, if the consent is for one access to the account data. |
validUntil |
Object | false | This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISODate Format, e.g. 2017-10-30. |
frequencyPerDay |
Integer | false | This field indicates the requested maximum frequency for an access per day. For a one-off access, this attribute is set to "1". |
combinedServiceIndicator |
Boolean | false | If true indicates that a payment initiation service will be addressed in the same "session". |
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Location |
Location of the created resource. |
ASPSP-SCA-Approach |
SCA approach. |
Response fields
| Path | Type | Description |
|---|---|---|
consentId |
String | ID of the corresponding consent object as returned by an Account Information Consent Request. |
consentStatus |
String | Consent status. Must be one of [received, rejected, valid, revokedByPsu, expired, terminatedByTpp]. |
_links.self.href |
String | The link to the consent initiation resource created by this request. This link can be used to retrieve the resource data. |
_links.status.href |
String | The link to retrieve status of the consent initiation. |
_links.scaStatus.href |
String | The link to retrieve the scaStatus of the corresponding authorisation sub-resource. |
_links.scaRedirect.href |
String | In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser. |
1.6. Delete account consent
Example request:
DELETE /v1/consents/82abc9fe-3a2d-11eb-adc1-0242ac120002 HTTP/1.1
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
Example response:
HTTP/1.1 204 No Content
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
DELETE /v1/consents/{consentId}
The TPP can delete an account information consent object if needed.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
| consentId | String | false | ID of the corresponding consent object as returned by an Account Information Consent Request. |
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
Request fields
No request body.
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Response fields
No response body.
1.7. Get account consent
Example request:
GET /v1/consents/82abc9fe-3a2d-11eb-adc1-0242ac120002 HTTP/1.1
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
Example response:
HTTP/1.1 200 OK
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
Content-Type: application/hal+json;charset=UTF-8
{
"access": {
"accounts": [
{
"iban": "LT506458461979475953",
"currency": "EUR"
}
],
"balances": [
{
"iban": "LT506458461979475953",
"currency": "EUR"
}
],
"transactions": [
{
"iban": "LT506458461979475953",
"currency": "EUR"
}
],
},
"validUntil": "2021-12-31",
"frequencyPerDay": 10,
"recurringIndicator": false,
"combinedServiceIndicator": false,
"consentStatus": "valid",
"_links": {
"self": {
"href": "/v1/consents/82abc9fe-3a2d-11eb-adc1-0242ac120002"
},
"status": {
"href": "/v1/consents/82abc9fe-3a2d-11eb-adc1-0242ac120002/status"
},
"scaStatus": {
"href": "/v1/consents/82abc9fe-3a2d-11eb-adc1-0242ac120002/authorisations/b084c799-1234-4f32-bc40-42228a90f66c"
}
}
}
GET /v1/consents/{consentId}
Returns the content of an account information consent object.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
| consentId | String | false | ID of the corresponding consent object as returned by an Account Information Consent Request. |
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
Request fields
No request body.
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Response fields
| Path | Type | Description |
|---|---|---|
access.accounts[].iban |
String | International Bank Account Number. |
access.accounts[].currency |
String | International Bank Account currency. |
access.balances[].iban |
String | International Bank Account Number. |
access.balances[].currency |
String | International Bank Account currency. |
access.transactions[].iban |
String | International Bank Account Number. |
access.transactions[].currency |
String | International Bank Account currency. |
validUntil |
String | This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISODate Format, e.g. 2017-10-30. |
frequencyPerDay |
Number | This field indicates the requested maximum frequency for an access per day. For a one-off access, this attribute is set to "1" |
recurringIndicator |
Boolean | true, if the consent is for recurring access to the account data false, if the consent is for one access to the account data. |
combinedServiceIndicator |
Boolean | If true indicates that a payment initiation service will be addressed in the same "session". Currently not supported. |
consentStatus |
String | Consent status. Must be one of [received, rejected, valid, revokedByPsu, expired, terminatedByTpp]. |
_links.self.href |
String | The link to the consent initiation resource created by this request. This link can be used to retrieve the resource data. |
_links.status.href |
String | The link to retrieve status of the consent initiation. |
_links.scaStatus.href |
String | The link to retrieve the scaStatus of the corresponding authorisation sub-resource. |
1.8. Get account consent status
Example request:
GET /v1/consents/09c7895e-56ab-4187-8ca9-a89870e53a85/status HTTP/1.1
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
Example response:
HTTP/1.1 200 OK
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
Content-Type: application/hal+json;charset=UTF-8
{
"consentStatus": "valid"
}
GET /v1/consents/{consentId}/status
Read the status of an account information consent resource.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
| consentId | String | false | ID of the corresponding consent object as returned by an Account Information Consent Request. |
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
Request fields
No request body.
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
consentStatus |
String | false | Must be one of [received, rejected, valid, revokedByPsu, expired, terminatedByTpp]. |
1.9. Get account consent authorisation status
Example request:
GET /v1/consents/09c7895e-56ab-4187-8ca9-a89870e53a85/authorisations/b084c799-1234-4f32-bc40-42228a90f66c HTTP/1.1
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
Example response:
HTTP/1.1 200 OK
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
Content-Type: application/hal+json;charset=UTF-8
{
"scaStatus": "received"
}
GET /v1/consents/{consentId}/authorisations/{authorisationId}
Read the SCA status of a authorisation sub-resource.
Path parameters
| Parameter | Description |
|---|---|
consentId |
ID of the corresponding consent object as returned by an Account Information Consent Request. |
authorisationId |
ID of the authorisation sub-resource. |
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
Request fields
No request body.
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
scaStatus |
String | true | Must be one of [received, psuIdentified, psuAuthenticated, started, finalised, failed, exempted]. |
2. Confirmation of Funds Service
2.1. Check availability of funds
Example request:
POST /v1/funds-confirmations HTTP/1.1
Content-Type: application/json;charset=UTF-8
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
Consent-ID: 26a56972-3ab3-11eb-adc1-0242ac120002
Example response:
HTTP/1.1 200 OK
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
Content-Type: application/hal+json;charset=UTF-8
{
"fundsAvailable": true
}
POST /v1/funds-confirmations
Creates a confirmation of funds request at the ASPSP. Checks whether a specific amount is available at point of time of the request on an account linked to a given IBAN.
Path parameters
No parameters.
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
Consent-ID |
String | false | ID of the corresponding consent object as returned by an Fund Confirmation Consent Request. |
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
Request fields
| Path | Type | Description |
|---|---|---|
account.iban |
String | International Bank Account Number. |
account.currency |
String | This parameter not supported. Support might be implemented in the future. |
instructedAmount.amount |
String | Transaction amount to be checked within the funds check mechanism. |
instructedAmount.currency |
String | Transaction amount currency. |
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
fundsAvailable |
Boolean | true | True if sufficient funds are available at the time of the request, false otherwise. |
2.2. Create fund consent
Example request:
POST /v1/consents/confirmation-of-funds HTTP/1.1
Content-Type: application/json;charset=UTF-8
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
TPP-Redirect-URI: https://client.emi.com/consent=0da4b182-23a3-476f-8608-87773586ff8a&status=ok
TPP-Nok-Redirect-URI: https://client.emi.com/consent=0da4b182-23a3-476f-8608-87773586ff8a&status=nok
PSU-IP-Address: 128.166.114.199
{
"account": {
"iban": "LT506458461979475953",
"currency": "EUR"
},
"registrationInformation": "Registration information"
}
Example response:
HTTP/1.1 201 Created
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
Location: /v1/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a
ASPSP-SCA-Approach: REDIRECT
Content-Type: application/hal+json;charset=UTF-8
{
"consentId": "0da4b182-23a3-476f-8608-87773586ff8a",
"consentStatus": "received",
"_links": {
"self": {
"href": "/v1/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a"
},
"status": {
"href": "/v1/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a/status"
},
"scaStatus": {
"href": "/v1/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a/authorisations/7dd19f80-0be4-4fc4-880e-f20e8f2f541a"
},
"scaRedirect": {
"href": "/authorisation/0da4b182-23a3-476f-8608-87773586ff8a/64de56cc-3ab3-11eb-adc1-0242ac120002"
}
}
}
POST /v1/consents/confirmation-of-funds
This method create a consent resource, defining confirmation of funds access rights to dedicated account.
Path parameters
No parameters.
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
TPP-Redirect-URI |
String | false | URI of the TPP, where the transaction flow shall be redirected to after a Redirect. |
TPP-Nok-Redirect-URI |
String | false | If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. |
PSU-IP-Address |
String | false | The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. |
Request fields
| Path | Type | Description |
|---|---|---|
account.iban |
String | International Bank Account Number. |
account.currency |
String | If not provided, consent will be valid for all current and future currencies. |
registrationInformation |
String | Additional information about the registration process for the PSU, e.g. a reference to the TPP / PSU contract. |
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Location |
Location of the created resource. |
ASPSP-SCA-Approach |
SCA approach. |
Response fields
| Path | Type | Description |
|---|---|---|
consentId |
String | ID of the corresponding consent object as returned by an Fund Confirmation Consent Request. |
consentStatus |
String | Consent status. Must be one of [received, rejected, valid, revokedByPsu, expired, terminatedByTpp]. |
_links.self.href |
String | The link to the consent initiation resource created by this request. This link can be used to retrieve the resource data. |
_links.status.href |
String | The link to retrieve status of the consent initiation. |
_links.scaStatus.href |
String | The link to retrieve the scaStatus of the corresponding authorisation sub-resource. |
_links.scaRedirect.href |
String | In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser. |
2.3. Delete fund consent
Example request:
DELETE /v1/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a HTTP/1.1
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
Example response:
HTTP/1.1 204 No Content
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
DELETE /v1/consents/confirmation-of-funds/{consentId}
The TPP can delete a confirmation of funds consent object if needed.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
| consentId | String | false | ID of the corresponding consent object as returned by an Fund Confirmation Consent Request. |
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
Request fields
No request body.
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Response fields
No response body.
2.4. Get fund consent
Example request:
GET /v1/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a HTTP/1.1
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
Example response:
HTTP/1.1 200 OK
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
Content-Type: application/hal+json;charset=UTF-8
{
"account": {
"iban": "LT053570010000000226",
"currency": "EUR"
},
"registrationInformation": "Test registration information",
"consentStatus": "valid",
"_links": {
"self": {
"href": "/v1/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a"
},
"status": {
"href": "/v1/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a/status"
},
"scaStatus": {
"href": "/v1/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a/authorisations/7dd19f80-0be4-4fc4-880e-f20e8f2f541a"
}
}
}
GET /v1/consents/confirmation-of-funds/{consentId}
Returns the content of a confirmation of funds consent object.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
| consentId | String | false | ID of the corresponding consent object as returned by an Fund Confirmation Consent Request. |
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
Request fields
No request body.
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Response fields
| Path | Type | Description |
|---|---|---|
account.iban |
String | International Bank Account Number. |
account.currency |
String | International Bank Account currency. |
consentStatus |
String | Consent status. Must be one of [received, rejected, valid, revokedByPsu, expired, terminatedByTpp]. |
registrationInformation |
String | Additional information about the registration process for the PSU, e.g. a reference to the TPP / PSU contract. |
_links.self.href |
String | The link to the consent initiation resource created by this request. This link can be used to retrieve the resource data. |
_links.status.href |
String | The link to retrieve status of the consent initiation. |
_links.scaStatus.href |
String | The link to retrieve the scaStatus of the corresponding authorisation sub-resource. |
2.5. Get fund consent status
Example request:
GET /v1/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a/status HTTP/1.1
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
Example response:
HTTP/1.1 200 OK
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
Content-Type: application/hal+json;charset=UTF-8
{
"consentStatus": "valid"
}
GET /v1/consents/confirmation-of-funds/{consentId}/status
Read the status of a confirmation of funds consent resource.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
| consentId | String | false | ID of the corresponding consent object as returned by an Fund Confirmation Consent Request. |
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
Request fields
No request body.
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
consentStatus |
String | false | Must be one of [received, rejected, valid, revokedByPsu, expired, terminatedByTpp]. |
2.6. Get fund consent authorisation status
Example request:
GET /v1/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a/authorisations/7dd19f80-0be4-4fc4-880e-f20e8f2f541a HTTP/1.1
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
Example response:
HTTP/1.1 200 OK
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
Content-Type: application/hal+json;charset=UTF-8
{
"scaStatus": "received"
}
GET /v1/consents/confirmation-of-funds/{consentId}/authorisations/{authorisationId}
Read the SCA status of a authorisation sub-resource.
Path parameters
| Parameter | Description |
|---|---|
consentId |
ID of the corresponding consent object as returned by an Fund Confirmation Consent Request. |
authorisationId |
ID of the authorisation sub-resource. |
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
Request fields
No request body.
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
scaStatus |
String | true | Must be one of [received, psuIdentified, psuAuthenticated, started, finalised, failed, exempted]. |
3. Payment Initiation Service (PIS)
The Payment Initiation Service (PIS) offers the following services:
- Initiation of a payment request
- Status information of a payment
3.1. Initiate payment
Example request:
POST /v1/payments/sepa-credit-transfers HTTP/1.1
Content-Type: application/json;charset=UTF-8
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
TPP-Redirect-URI: https://client.nano.com/payment=64de5258-3ab3-11eb-adc1-0242ac120002&status=ok
TPP-Nok-Redirect-URI: https://client.nano.com/payment=64de5258-3ab3-11eb-adc1-0242ac120002&status=nok
PSU-IP-Address: 128.166.114.199
{
"debtorAccount": {
"iban": "LT506458461979475953",
"currency": null
},
"creditorAccount": {
"iban": "LT086731885568252645",
"currency": null
},
"creditorName": "Name Surname",
"remittanceInformationUnstructured": "Test payment",
"instructedAmount": {
"currency": "EUR",
"amount": "12.50"
}
}
Example response:
HTTP/1.1 201 Created
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
Location: /v1/payments/sepa-credit-transfers/64de5258-3ab3-11eb-adc1-0242ac120002
ASPSP-SCA-Approach: REDIRECT
Content-Type: application/hal+json;charset=UTF-8
{
"paymentId": "64de5258-3ab3-11eb-adc1-0242ac120002",
"transactionStatus": "RCVD",
"_links": {
"self": {
"href": "/v1/payments/sepa-credit-transfers/64de5258-3ab3-11eb-adc1-0242ac120002"
},
"status": {
"href": "/v1/payments/sepa-credit-transfers/64de5258-3ab3-11eb-adc1-0242ac120002/status"
},
"scaStatus": {
"href": "/v1/payments/sepa-credit-transfers/64de5258-3ab3-11eb-adc1-0242ac120002/authorisations/11118716-fc53-4d47-8022-dc77cb1c65c"
},
"scaRedirect": {
"href": "/authorisation/64de5258-3ab3-11eb-adc1-0242ac120002/64de5168-3ab3-11eb-adc1-0242ac120002"
}
}
}
POST /v1/payments/sepa-credit-transfers
Create a payment initiation resource addressable under {paymentId}. This is the first step in the API to initiate the related payment.
Path parameters
No parameters.
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
TPP-Redirect-URI |
String | false | URI of the TPP, where the transaction flow shall be redirected to after a Redirect. |
TPP-Nok-Redirect-URI |
String | false | If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. |
PSU-IP-Address |
String | false | The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. |
Request fields
| Path | Type | Description |
|---|---|---|
debtorAccount.iban |
String | Debtor International Bank Account Number. |
debtorAccount.currency |
String | Debtor International Bank Account currency. |
creditorAccount.iban |
String | Creditor International Bank Account Number. |
creditorAccount.currency |
String | Creditor International Bank Account currency. |
creditorName |
String | Name of the creditor if a "Debited" transaction. |
remittanceInformationUnstructured |
String | Unstructured remittance reference. |
instructedAmount.currency |
String | Instructed amount currency |
instructedAmount.amount |
String | Instructed amount value |
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Location |
Location of the created resource. |
ASPSP-SCA-Approach |
SCA approach. |
Response fields
| Path | Type | Description |
|---|---|---|
paymentId |
String | Resource identification of the generated payment initiation resource. |
transactionStatus |
String | Transaction Status of the payment resource. Status values are defined in the ISO20022. |
_links.self.href |
String | The link to the payment initiation resource created by this request. This link can be used to retrieve the resource data. |
_links.status.href |
String | The link to retrieve status of the payment initiation. |
_links.scaStatus.href |
String | The link to retrieve the scaStatus of the corresponding authorisation sub-resource. |
_links.scaRedirect.href |
String | In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser. |
3.2. Get payment
Example request:
GET /v1/payments/sepa-credit-transfers/64de5258-3ab3-11eb-adc1-0242ac120002 HTTP/1.1
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
Example response:
HTTP/1.1 200 OK
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
Content-Type: application/hal+json;charset=UTF-8
{
"debtorAccount": {
"iban": "LT506458461979475953",
"currency": null
},
"creditorAccount": {
"iban": "LT086731885568252645",
"currency": null
},
"creditorName": "Name Surname",
"remittanceInformationUnstructured": "Test payment",
"instructedAmount": {
"currency": "EUR",
"amount": "12.50"
},
"transactionStatus": "RCVD",
"_links": {
"self": {
"href": "/v1/payments/sepa-credit-transfers/64de5258-3ab3-11eb-adc1-0242ac120002"
},
"status": {
"href": "/v1/payments/sepa-credit-transfers/64de5258-3ab3-11eb-adc1-0242ac120002/status"
},
"scaStatus": {
"href": "/v1/payments/sepa-credit-transfers/64de5258-3ab3-11eb-adc1-0242ac120002/authorisations/11118716-fc53-4d47-8022-dc77cb1c65c"
}
}
}
GET /v1/payments/sepa-credit-transfers/{paymentId}
Read the details of an initiated payment.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
| paymentId | String | false | ID of the corresponding payment initiation object as returned by an Payment Initiation Request. |
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
Request fields
No request body.
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Response fields
| Path | Type | Description |
|---|---|---|
debtorAccount.iban |
String | Debtor International Bank Account Number. |
debtorAccount.currency |
String | Debtor International Bank Account currency. |
creditorAccount.iban |
String | Creditor International Bank Account Number. |
creditorAccount.currency |
String | Creditor International Bank Account currency. |
creditorName |
String | Name of the creditor if a "Debited" transaction. |
remittanceInformationUnstructured |
String | Unstructured remittance reference. |
instructedAmount.currency |
String | Instructed amount currency |
instructedAmount.amount |
String | Instructed amount value |
transactionStatus |
String | Transaction Status of the payment resource. Status values are defined in the ISO20022. |
_links.self.href |
String | The link to the payment initiation resource created by this request. This link can be used to retrieve the resource data. |
_links.status.href |
String | The link to retrieve status of the payment initiation. |
_links.scaStatus.href |
String | The link to retrieve the scaStatus of the corresponding authorisation sub-resource. |
3.3. Get payment status
Example request:
GET /v1/payments/sepa-credit-transfers/64de5258-3ab3-11eb-adc1-0242ac120002/status HTTP/1.1
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
Example response:
HTTP/1.1 200 OK
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
Content-Type: application/hal+json;charset=UTF-8
{
"transactionStatus": "RCVD"
}
GET /v1/payments/sepa-credit-transfers/{paymentId}/status
Read the transaction status of the payment.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
| paymentId | String | false | ID of the corresponding payment initiation object as returned by an Payment Initiation Request. |
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
Request fields
No request body.
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Response fields
| Path | Type | Description |
|---|---|---|
transactionStatus |
String | Transaction Status of the payment resource. Status values are defined in the ISO20022. |
3.4. Get payment authorisation status
Example request:
GET /v1/payments/sepa-credit-transfers/64de5258-3ab3-11eb-adc1-0242ac120002/authorisations/11118716-fc53-4d47-8022-dc77cb1c65c HTTP/1.1
Accept: application/hal+json
X-Request-ID: c97bbbf2-3ab2-11eb-adc1-0242ac120002
Example response:
HTTP/1.1 200 OK
X-Request-ID: fe92cb0a-3ab2-11eb-adc1-0242ac120002
Content-Type: application/hal+json;charset=UTF-8
{
"scaStatus": "received"
}
GET /v1/payments/sepa-credit-transfers/{paymentId}/authorisations/{authorisationId}
Read the SCA status of a authorisation sub-resource.
Path parameters
| Parameter | Description |
|---|---|
paymentId |
Resource identification of the related payment initiation resource. |
authorisationId |
ID of the authorisation sub-resource. |
Query parameters
No parameters.
Request headers
| Header | Type | Optional | Description |
|---|---|---|---|
X-Request-ID |
Object | false | ID of the request, unique to the call, as determined by the initiating party. |
Request fields
No request body.
Response headers
| Name | Description |
|---|---|
X-Request-ID |
ID of the request, unique to the call, as determined by the initiating party. |
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
scaStatus |
String | true | Must be one of [received, psuIdentified, psuAuthenticated, started, finalised, failed, exempted]. |
HTTP Response Codes
The HTTP response code is communicating the success or failure of a TPP request message. The 4XX HTTP response codes should only be given if the current request cannot be fulfilled, e.g. a payment initiation cannot be posted or account transactions cannot be retrieved. A request to get the status of an existing payment or a consent usually returns HTTP response code 200 since the actual request to retrieve the status succeeded, regardless if that payment or consent state is set to failure or not.
This specification supports the following HTTP response codes:
| Status code | Description |
|---|---|
200 OK |
PUT, GET Response Codes The POST for a Funds request will also return 200 since it does not create a new resource. DELETE Response Code where a payment resource has been cancelled successfully and no further cancellation authorisation is required. |
201 Created |
POST response code where Payment Initiation or Consent Request was correctly performed. |
204 No Content |
DELETE response code where a consent resource was successfully deleted. The code indicates that the request was performed, but no content was returned. |
400 Bad Request |
Validation error occurred. This code will cover malformed syntax in request or incorrect data in payload. |
401 Unauthorized |
The TPP or the PSU is not correctly authorized to perform the request. Retry the request with correct authentication information. |
403 Forbidden |
Returned if the resource that was referenced in the path exists but cannot be accessed by the TPP or the PSU. This code should only be used for non-sensitive id references as it will reveal that the resource exists even though it cannot be accessed. |
404 Not found |
Returned if the resource or endpoint that was referenced in the path does not exist or cannot be referenced by the TPP or the PSU. When in doubt if a specific id in the path is sensitive or not, use the HTTP response code 404 instead of the HTTP response code 403. |
405 Method Not Allowed |
This code is only sent when the HTTP method (PUT, POST, DELETE, GET etc.) is not supported on a specific endpoint. It has nothing to do with the consent, payment or account information data model. |
406 Not Acceptable |
The ASPSP cannot generate the content that the TPP specified in the Accept header. |
408 Request Timeout |
The server is still working correctly, but an individual request has timed out. |
409 Conflict |
The request could not be completed due to a conflict with the current state of the target resource. |
415 Unsupported Media Type |
The TPP has supplied a media type which the ASPSP does not support. |
429 Too Many Requests |
The TPP has exceeded the number of requests allowed by the consent or by the RTS. |
500 Internal Server Error |
Internal server error occurred. |
503 Service Unavailable |
The ASPSP server is currently unavailable. Generally, this is a temporary state. |
Additional Error Information
Example response:
{
"code": "RESOURCE_UNKNOWN",
"title": "The addressed resource is unknown relative to the TPP.",
"description": "Requested account not found.",
"type": "/api#RESOURCE_UNKNOWN",
"additionalErrors": null
}
In RFC7807, a standardised definition of reporting error information is described. In the following, requirements of how to use this standardised error information reporting in the context of the PSD2 XS2A interface are defined.
Response Code
The HTTP response code is 4xx or 5xx as defined in HTTP Response Codes for response codes in case of errors.
Response Header
| Attribute | Type | Condition | Description |
|---|---|---|---|
| Content-Type | String | Mandatory | The string application/problem+json is used. |
Response Body
| Attribute | Type | Condition | Description |
|---|---|---|---|
| type | String | Mandatory | A URI reference RFC3986 that identifies the problem type. |
| title | String | Optional | Short human readable description of error type. |
| detail | String | Optional | Detailed human readable text specific to this instance of the error. |
| code | Message Code | Mandatory | Message code to explain the nature of the underlying error. |
| additionalErrors | Array | Optional | Used if more than one error is to be communicated. |
HTTP Error Codes
| Message Code | HTTP Response Code | Description |
|---|---|---|
CERTIFICATE_INVALID |
401 | The contents of the signature/corporate seal certificate are not matching PSD2 general PSD2 or attribute requirements. |
CERTIFICATE_EXPIRED |
401 | Signature/corporate seal certificate is expired. |
CERTIFICATE_BLOCKED |
401 | Signature/corporate seal certificate has been blocked by the ASPSP. |
CERTIFICATE_REVOKED |
401 | Signature/corporate seal certificate has been revoked by QSTP. |
CERTIFICATE_MISSING |
401 | Signature/corporate seal certificate was not available in the request but is mandated for the corresponding. |
SIGNATURE_INVALID |
401 | Application layer eIDAS Signature for TPP authentication is not correct. |
SIGNATURE_MISSING |
401 | Application layer eIDAS Signature for TPP authentication is mandated by the ASPSP but is missing. |
FORMAT_ERROR |
400 | Format of certain request fields are not matching the XS2A requirements. An explicit path to the corresponding field might be added in the return message. |
PARAMETER_NOT_CONSISTENT |
400 | Parameters submitted by TPP are not consistent. |
PARAMETER_NOT_SUPPORTED |
400 | The parameter is not supported. |
SERVICE_INVALID |
400 (if payload), 405 (if HTTP method) | The addressed service is not valid for the addressed resources or the submitted data. |
CONSENT_UNKNOWN |
403 (if path), 400 (if payload) | The Consent-ID cannot be matched by the ASPSP relative to the TPP. |
CONSENT_INVALID |
401 | The consent was created by this TPP but is not valid for the addressed service/resource. |
CONSENT_EXPIRED |
401 | The consent was created by this TPP but has expired and needs to be renewed. |
RESOURCE_UNKNOWN |
404 (if account-id path), 403 (if other resource in path) | The addressed resource is unknown relative to the TPP. |
RESOURCE_EXPIRED |
403 (if path), 400 (if payload) | The addressed resource is associated with the TPP but has expired, not addressable anymore. |
STATUS_INVALID |
409 | The addressed resource does not allow additional authorisation. |
PAYMENT_FAILED |
400 | The payment initiation POST request failed during the initial process. Additional information may be provided by the ASPSP. |
ACCESS_EXCEEDED |
429 | The access on the account has been exceeding the consented multiplicity without PSU involvement per day. |