{"resource_docs":[{"operation_id":"OBPv4.0.0-getBankAccountsBalances","implemented_by":{"version":"OBPv4.0.0","function":"getBankAccountsBalances"},"request_verb":"GET","request_url":"/obp/v4.0.0/banks/BANK_ID/balances","summary":"Get Accounts Balances","description":"
Get the Balances for the Accounts of the current User at one bank.
\nAuthentication is Mandatory
\nURL Parameters:
\nJSON response body fields:
\naccount_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\namount: 10.12
\nbalances: balances
\nbank_id: gh.29.uk
\ncurrency: EUR
\nlabel: My Account
\nReturns transactions list (Core info) of the account specified by ACCOUNT_ID.
\nAuthentication is Mandatory
\nPossible custom url parameters for pagination:
\neg1:?limit=100&offset=0
\neg2:?limit=100&offset=0&sort_direction=ASC
\nDate format parameter: yyyy-MM-dd'T'HH:mm:ss.SSS'Z'(2017-09-19T02:31:05.000Z) ==> time zone is UTC.
\neg3:?sort_direction=ASC&limit=100&offset=0&from_date=2017-09-19T02:31:05.000Z&to_date=2017-09-19T02:31:05.000Z
\nURL Parameters:
\nACCOUNT_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\nBANK_ID: gh.29.uk
\nJSON response body fields:
\namount: 10.12
\ncompleted: 2020-01-27
\ncurrency: EUR
\nnew_balance: 20
\nposted: 2020-01-27
\ntransaction_attribute_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
\nvalue: 5987953
\nWhen using SANDBOX_TAN, the payee is set in the request body.
\nMoney goes into the BANK_ID and ACCOUNT_ID specified in the request body.
\nInitiate a Payment via creating a Transaction Request.
\nIn OBP, a transaction request
may or may not result in a transaction
. However, a transaction
only has one possible state: completed.
A Transaction Request
can have one of several states.
Transactions
are modeled on items in a bank statement that represent the movement of money.
Transaction Requests
are requests to move money which may or may not succeeed and thus result in a Transaction
.
A Transaction Request
might create a security challenge that needs to be answered before the Transaction Request
proceeds.
Transaction Requests contain charge information giving the client the opportunity to proceed or not (as long as the challenge level is appropriate).
\nTransaction Requests can have one of several Transaction Request Types which expect different bodies. The escaped body is returned in the details key of the GET response.
\nThis provides some commonality and one URL for many different payment or transfer types with enough flexibility to validate them differently.
The payer is set in the URL. Money comes out of the BANK_ID and ACCOUNT_ID specified in the URL.
\nIn sandbox mode, TRANSACTION_REQUEST_TYPE is commonly set to SANDBOX_TAN. See getTransactionRequestTypesSupportedByBank for all supported types.
\nIn sandbox mode, if the amount is less than 1000 EUR (any currency, unless it is set differently on this server), the transaction request will create a transaction without a challenge, else the Transaction Request will be set to INITIALISED and a challenge will need to be answered.
\nIf a challenge is created you must answer it using Answer Transaction Request Challenge before the Transaction is created.
\nYou can transfer between different currency accounts. (new in 2.0.0). The currency in body must match the sending account.
\nThe following static FX rates are available in sandbox mode:
\n{
\n"XAF":{
\n"HKD":0.0135503,
\n"AUD":0.00228226,
\n"KRW":1.87975,
\n"JOD":0.00127784,
\n"GBP":0.00131092,
\n"MXN":0.0396,
\n"AED":0.00601555,
\n"INR":0.110241,
\n"JPY":0.185328,
\n"USD":0.00163773,
\n"ILS":0.00641333,
\n"EUR":0.00152449
\n},
\n"HKD":{
\n"XAF":73.8049,
\n"AUD":0.178137,
\n"KRW":143.424,
\n"JOD":0.0903452,
\n"GBP":0.0985443,
\n"MXN":2.8067,
\n"AED":0.467977,
\n"INR":9.09325,
\n"JPY":14.0867,
\n"USD":0.127427,
\n"ILS":0.460862,
\n"EUR":0.112495
\n},
\n"AUD":{
\n"XAF":438.162,
\n"HKD":5.61346,
\n"KRW":895.304,
\n"JOD":0.556152,
\n"GBP":0.609788,
\n"MXN":16.0826,
\n"AED":2.88368,
\n"INR":50.4238,
\n"JPY":87.0936,
\n"USD":0.785256,
\n"ILS":2.83558,
\n"EUR":0.667969
\n},
\n"KRW":{
\n"XAF":0.531986,
\n"HKD":0.00697233,
\n"AUD":0.00111694,
\n"JOD":6.30634E-4,
\n"GBP":6.97389E-4,
\n"MXN":0.0183,
\n"AED":0.00320019,
\n"INR":0.0586469,
\n"JPY":0.0985917,
\n"USD":8.7125E-4,
\n"ILS":0.00316552,
\n"EUR":8.11008E-4
\n},
\n"JOD":{
\n"XAF":782.572,
\n"HKD":11.0687,
\n"AUD":1.63992,
\n"KRW":1585.68,
\n"GBP":1.06757,
\n"MXN":30.8336,
\n"AED":5.18231,
\n"INR":90.1236,
\n"JPY":156.304,
\n"USD":1.41112,
\n"ILS":5.02018,
\n"EUR":0.237707
\n},
\n"GBP":{
\n"XAF":762.826,
\n"HKD":10.1468,
\n"AUD":1.63992,
\n"KRW":1433.92,
\n"JOD":0.936707,
\n"MXN":29.242,
\n"AED":4.58882,
\n"INR":84.095,
\n"JPY":141.373,
\n"USD":1.2493,
\n"ILS":4.7002,
\n"EUR":1.16278
\n},
\n"MXN":{
\n"XAF":25.189,
\n"HKD":0.3562,
\n"AUD":0.0621,
\n"KRW":54.4512,
\n"JOD":0.0324,
\n"GBP":0.0341,
\n"AED":0.1688,
\n"INR":3.3513,
\n"JPY":4.8687,
\n"USD":0.0459,
\n"ILS":0.1541,
\n"EUR":0.0384
\n},
\n"AED":{
\n"XAF":166.236,
\n"HKD":2.13685,
\n"AUD":0.346779,
\n"KRW":312.482,
\n"GBP":0.217921,
\n"MXN":5.9217,
\n"AED":0.192964,
\n"INR":18.3255,
\n"JPY":30.8081,
\n"USD":0.27225,
\n"ILS":0.968033,
\n"EUR":0.253425
\n},
\n"INR":{
\n"XAF":9.07101,
\n"HKD":0.109972,
\n"AUD":0.0198319,
\n"KRW":17.0512,
\n"JOD":0.0110959,
\n"GBP":0.0118913,
\n"MXN":0.2983,
\n"AED":0.0545671,
\n"JPY":1.68111,
\n"USD":0.0148559,
\n"ILS":0.0556764,
\n"EUR":0.0138287
\n},
\n"JPY":{
\n"XAF":5.39585,
\n"HKD":0.0709891,
\n"AUD":0.0114819,
\n"KRW":10.1428,
\n"JOD":0.00639777,
\n"GBP":0.0070735,
\n"MXN":0.2053,
\n"AED":0.032459,
\n"INR":0.594846,
\n"USD":0.00883695,
\n"ILS":0.0320926,
\n"EUR":0.00822592
\n},
\n"USD":{
\n"XAF":610.601,
\n"HKD":7.84766,
\n"AUD":1.27347,
\n"KRW":1147.78,
\n"JOD":0.708659,
\n"GBP":0.800446,
\n"MXN":21.748,
\n"AED":3.6731,
\n"INR":67.3135,
\n"JPY":113.161,
\n"ILS":3.55495,
\n"EUR":0.930886
\n},
\n"ILS":{
\n"XAF":155.925,
\n"HKD":2.16985,
\n"AUD":0.352661,
\n"KRW":315.903,
\n"JOD":0.199196,
\n"GBP":0.212763,
\n"MXN":6.4871,
\n"AED":1.03302,
\n"INR":17.9609,
\n"JPY":31.1599,
\n"USD":0.281298,
\n"EUR":1.19318
\n},
\n"EUR":{
\n"XAF":655.957,
\n"HKD":8.88926,
\n"AUD":1.49707,
\n"KRW":1233.03,
\n"JOD":0.838098,
\n"GBP":0.860011,
\n"MXN":26.0359,
\n"AED":3.94594,
\n"INR":72.3136,
\n"JPY":121.567,
\n"USD":1.07428,
\n"ILS":4.20494
\n}
\n}
Transaction Requests satisfy PSD2 requirements thus:
\n1) A transaction can be initiated by a third party application.
\n2) The customer is informed of the charge that will incurred.
\n3) The call supports delegated authentication (OAuth)
\nSee this python code for a complete example of this flow.
\nThere is further documentation here
\nAuthentication is Mandatory
\nURL Parameters:
\nACCOUNT_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\nBANK_ID: gh.29.uk
\nVIEW_ID: owner
\nJSON request body fields:
\naccount_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\namount: 10.12
\nbank_id: gh.29.uk
\ncurrency: EUR
\nvalue: 5987953
\nJSON response body fields:
\naccount_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\namount: 10.12
\nbank_id: gh.29.uk
\ncounterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
\ncurrency: EUR
\ndate_of_birth: 2018-03-09
\niban: DE91 1000 0000 0123 4567 89
\nlegal_name: Eveline Tripman
\nstart_date: 2020-01-27
\nvalue: 5987953
\nWhen using ACCOUNT, the payee is set in the request body.
\nMoney goes into the BANK_ID and ACCOUNT_ID specified in the request body.
\nInitiate a Payment via creating a Transaction Request.
\nIn OBP, a transaction request
may or may not result in a transaction
. However, a transaction
only has one possible state: completed.
A Transaction Request
can have one of several states: INITIATED, NEXT_CHALLENGE_PENDING etc.
Transactions
are modeled on items in a bank statement that represent the movement of money.
Transaction Requests
are requests to move money which may or may not succeed and thus result in a Transaction
.
A Transaction Request
might create a security challenge that needs to be answered before the Transaction Request
proceeds.
\nIn case 1 person needs to answer security challenge we have next flow of state of an transaction request
:
\nINITIATED => COMPLETED
\nIn case n persons needs to answer security challenge we have next flow of state of an transaction request
:
\nINITIATED => NEXT_CHALLENGE_PENDING => ... => NEXT_CHALLENGE_PENDING => COMPLETED
The security challenge is bound to a user i.e. in case of right answer and the user is different than expected one the challenge will fail.
\nRule for calculating number of security challenges:
\nIf product Account attribute REQUIRED_CHALLENGE_ANSWERS=N then create N challenges
\n(one for every user that has a View where permission "can_add_transaction_request_to_any_account"=true)
\nIn case REQUIRED_CHALLENGE_ANSWERS is not defined as an account attribute default value is 1.
Transaction Requests contain charge information giving the client the opportunity to proceed or not (as long as the challenge level is appropriate).
\nTransaction Requests can have one of several Transaction Request Types which expect different bodies. The escaped body is returned in the details key of the GET response.
\nThis provides some commonality and one URL for many different payment or transfer types with enough flexibility to validate them differently.
The payer is set in the URL. Money comes out of the BANK_ID and ACCOUNT_ID specified in the URL.
\nIn sandbox mode, TRANSACTION_REQUEST_TYPE is commonly set to ACCOUNT. See getTransactionRequestTypesSupportedByBank for all supported types.
\nIn sandbox mode, if the amount is less than 1000 EUR (any currency, unless it is set differently on this server), the transaction request will create a transaction without a challenge, else the Transaction Request will be set to INITIALISED and a challenge will need to be answered.
\nIf a challenge is created you must answer it using Answer Transaction Request Challenge before the Transaction is created.
\nYou can transfer between different currency accounts. (new in 2.0.0). The currency in body must match the sending account.
\nThe following static FX rates are available in sandbox mode:
\n\nTransaction Requests satisfy PSD2 requirements thus:
\n1) A transaction can be initiated by a third party application.
\n2) The customer is informed of the charge that will incurred.
\n3) The call supports delegated authentication (OAuth)
\nSee this python code for a complete example of this flow.
\nThere is further documentation here
\nAuthentication is Mandatory
\nURL Parameters:
\nACCOUNT_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\nBANK_ID: gh.29.uk
\nVIEW_ID: owner
\nJSON request body fields:
\naccount_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\namount: 10.12
\nbank_id: gh.29.uk
\ncurrency: EUR
\nvalue: 5987953
\nJSON response body fields:
\naccount_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\namount: 10.12
\nbank_id: gh.29.uk
\nchallenges: challenges
\ncounterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
\ncurrency: EUR
\ndate_of_birth: 2018-03-09
\niban: DE91 1000 0000 0123 4567 89
\nlegal_name: Eveline Tripman
\nstart_date: 2020-01-27
\nuser_id: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1
\nvalue: 5987953
\nGet the bank specified by BANK_ID
\nReturns information about a single bank specified by BANK_ID including:
Authentication is Mandatory
\nURL Parameters:
\nJSON response body fields:
\n","description_markdown":"Get the bank specified by BANK_ID\nReturns information about a single bank specified by BANK_ID including:\n\n* Short and full name of bank\n* Logo URL\n* Website\n\nAuthentication is Mandatory\n\n\n**URL Parameters:**\n\n* [BANK_ID](/glossary#Bank.bank_id): gh.29.uk\n\n\n\n\n\n**JSON response body fields:**\n\n\n","example_request_body":{"jsonString":"{}"},"success_response_body":{"id":"gh.29.uk","short_name":"short_name ","full_name":"full_name","logo":"logo","website":"www.openbankproject.com","bank_routings":[{"scheme":"Bank_ID","address":"gh.29.uk"}]},"error_response_bodies":["OBP-20001: User not logged in. Authentication is required!","OBP-50000: Unknown Error.","OBP-30001: Bank not found. Please specify a valid value for BANK_ID."],"tags":["Bank","Account Information Service (AIS)","PSD2","New-Style"],"typed_request_body":{"type":"object","properties":{"jsonString":{"type":"string"}}},"typed_success_response_body":{"type":"object","properties":{"website":{"type":"string"},"logo":{"type":"string"},"bank_routings":{"type":"array","items":{"type":"object","properties":{"scheme":{"type":"string"},"address":{"type":"string"}}}},"short_name":{"type":"string"},"id":{"type":"string"},"full_name":{"type":"string"}}},"is_featured":false,"special_instructions":"","specified_url":"/obp/v4.0.0/banks/BANK_ID","connector_methods":["obp.getBank"]},{"operation_id":"OBPv4.0.0-getExplictCounterpartiesForAccount","implemented_by":{"version":"OBPv4.0.0","function":"getExplictCounterpartiesForAccount"},"request_verb":"GET","request_url":"/obp/v4.0.0/banks/BANK_ID/accounts/ACCOUNT_ID/VIEW_ID/counterparties","summary":"Get Counterparties (Explicit)","description":"Get the Counterparties (Explicit) for the account / view.
\nAuthentication is Mandatory
\nURL Parameters:
\nACCOUNT_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\nBANK_ID: gh.29.uk
\nVIEW_ID: owner
\nJSON response body fields:
\ncounterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
\ncurrency: EUR
\nis_beneficiary: true
\nkey: CustomerNumber
\nvalue: 5987953
\nGet Accounts held by the current User if even the User has not been assigned the owner View yet.
\nCan be used to onboard the account to the API - since all other account and transaction endpoints require views to be assigned.
\noptional request parameters:
\nwhole url example:
\n/banks/BANK_ID/accounts-held?account_type_filter=330,CURRENT+PLUS&account_type_filter_operation=INCLUDE
Authentication is Mandatory
\nURL Parameters:
\nJSON response body fields:
\n\n","description_markdown":"Get Accounts held by the current User if even the User has not been assigned the owner View yet.\n\nCan be used to onboard the account to the API - since all other account and transaction endpoints require views to be assigned.\n\n\noptional request parameters:\n\n* account_type_filter: one or many accountType value, split by comma\n* account_type_filter_operation: the filter type of account_type_filter, value must be INCLUDE or EXCLUDE\n\nwhole url example:\n/banks/BANK_ID/accounts-held?account_type_filter=330,CURRENT+PLUS&account_type_filter_operation=INCLUDE\n \n\n\n\n \n\nAuthentication is Mandatory\n\n\n**URL Parameters:**\n\n* [BANK_ID](/glossary#Bank.bank_id): gh.29.uk\n\n\n\n\n\n**JSON response body fields:**\n\n\n\n* [bank_id](/glossary#Bank.bank_id): gh.29.uk\n\n\n\n* [label](/glossary#can_see_bank_account_label): My Account\n\n\n","example_request_body":{"jsonString":"{}"},"success_response_body":{"accounts":[{"id":"12314","label":"My Account","bank_id":"123","number":"123","account_routings":[{"scheme":"AccountNumber","address":"4930396"}]}]},"error_response_bodies":["OBP-20001: User not logged in. Authentication is required!","OBP-50000: Unknown Error."],"tags":["Account","Account Information Service (AIS)","View-(Custom)","PSD2","New-Style"],"typed_request_body":{"type":"object","properties":{"jsonString":{"type":"string"}}},"typed_success_response_body":{"type":"object","properties":{"accounts":{"type":"array","items":{"type":"object","properties":{"number":{"type":"string"},"label":{"type":"string"},"bank_id":{"type":"string"},"account_routings":{"type":"array","items":{"type":"object","properties":{"scheme":{"type":"string"},"address":{"type":"string"}}}},"id":{"type":"string"}}}}}},"is_featured":false,"special_instructions":"","specified_url":"/obp/v4.0.0/banks/BANK_ID/accounts-held","connector_methods":["obp.getCoreBankAccounts","obp.getBankAccountsHeld","obp.getBank","obp.getBankAccountsForUser"]},{"operation_id":"OBPv4.0.0-createTransactionRequestRefund","implemented_by":{"version":"OBPv4.0.0","function":"createTransactionRequestRefund"},"request_verb":"POST","request_url":"/obp/v4.0.0/banks/BANK_ID/accounts/ACCOUNT_ID/VIEW_ID/transaction-request-types/REFUND/transaction-requests","summary":"Create Transaction Request (REFUND)","description":"Either the from
or the to
field must be filled. Those fields refers to the information about the party that will be refunded.
In case the from
object is used, it means that the refund comes from the part that sent you a transaction.
\nIn the from
object, you have two choices :
\n- Use bank_id
and account_id
fields if the other account is registered on the OBP-API
\n- Use the counterparty_id
field in case the counterparty account is out of the OBP-API
In case the to
object is used, it means you send a request to a counterparty to ask for a refund on a previous transaction you sent.
\n(This case is not managed by the OBP-API and require an external adapter)
Initiate a Payment via creating a Transaction Request.
\nIn OBP, a transaction request
may or may not result in a transaction
. However, a transaction
only has one possible state: completed.
A Transaction Request
can have one of several states: INITIATED, NEXT_CHALLENGE_PENDING etc.
Transactions
are modeled on items in a bank statement that represent the movement of money.
Transaction Requests
are requests to move money which may or may not succeed and thus result in a Transaction
.
A Transaction Request
might create a security challenge that needs to be answered before the Transaction Request
proceeds.
\nIn case 1 person needs to answer security challenge we have next flow of state of an transaction request
:
\nINITIATED => COMPLETED
\nIn case n persons needs to answer security challenge we have next flow of state of an transaction request
:
\nINITIATED => NEXT_CHALLENGE_PENDING => ... => NEXT_CHALLENGE_PENDING => COMPLETED
The security challenge is bound to a user i.e. in case of right answer and the user is different than expected one the challenge will fail.
\nRule for calculating number of security challenges:
\nIf product Account attribute REQUIRED_CHALLENGE_ANSWERS=N then create N challenges
\n(one for every user that has a View where permission "can_add_transaction_request_to_any_account"=true)
\nIn case REQUIRED_CHALLENGE_ANSWERS is not defined as an account attribute default value is 1.
Transaction Requests contain charge information giving the client the opportunity to proceed or not (as long as the challenge level is appropriate).
\nTransaction Requests can have one of several Transaction Request Types which expect different bodies. The escaped body is returned in the details key of the GET response.
\nThis provides some commonality and one URL for many different payment or transfer types with enough flexibility to validate them differently.
The payer is set in the URL. Money comes out of the BANK_ID and ACCOUNT_ID specified in the URL.
\nIn sandbox mode, TRANSACTION_REQUEST_TYPE is commonly set to ACCOUNT. See getTransactionRequestTypesSupportedByBank for all supported types.
\nIn sandbox mode, if the amount is less than 1000 EUR (any currency, unless it is set differently on this server), the transaction request will create a transaction without a challenge, else the Transaction Request will be set to INITIALISED and a challenge will need to be answered.
\nIf a challenge is created you must answer it using Answer Transaction Request Challenge before the Transaction is created.
\nYou can transfer between different currency accounts. (new in 2.0.0). The currency in body must match the sending account.
\nThe following static FX rates are available in sandbox mode:
\n\nTransaction Requests satisfy PSD2 requirements thus:
\n1) A transaction can be initiated by a third party application.
\n2) The customer is informed of the charge that will incurred.
\n3) The call supports delegated authentication (OAuth)
\nSee this python code for a complete example of this flow.
\nThere is further documentation here
\nAuthentication is Mandatory
\nURL Parameters:
\nACCOUNT_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\nBANK_ID: gh.29.uk
\nVIEW_ID: owner
\nJSON request body fields:
\naccount_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\namount: 10.12
\nbank_id: gh.29.uk
\ncounterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
\ncurrency: EUR
\nreason_code: reason_code
\ntransaction_id: 2fg8a7e4-6d02-40e3-a129-0b2bf89de8ub
\nvalue: 5987953
\nJSON response body fields:
\naccount_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\namount: 10.12
\nbank_id: gh.29.uk
\nchallenges: challenges
\ncounterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
\ncurrency: EUR
\ndate_of_birth: 2018-03-09
\niban: DE91 1000 0000 0123 4567 89
\nlegal_name: Eveline Tripman
\nstart_date: 2020-01-27
\nuser_id: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1
\nvalue: 5987953
\nGet the server's public JSON Web Key (JWK) set and certificate chain.
\nIt is required by client applications to validate ID tokens, self-contained access tokens and other issued objects.
Authentication is Optional
\nJSON response body fields:
\n","description_markdown":"Get the server's public JSON Web Key (JWK) set and certificate chain.\n It is required by client applications to validate ID tokens, self-contained access tokens and other issued objects.\n\n \n\nAuthentication is Optional\n\n\n**JSON response body fields:**\n\n\n","example_request_body":{"jsonString":"{}"},"success_response_body":{"kty":"RSA","e":"AQAB","use":"sig","kid":"fr6-BxXH5gikFeZ2O6rGk0LUmJpukeswASN_TMW8U_s","n":"hrB0OWqg6AeNU3WCnhheG18R5EbQtdNYGOaSeylTjkj2lZr0_vkhNVYvase-CroxO4HOT06InxTYwLnmJiyv2cZxReuoVjTlk--olGu-9MZooiFiqWez0JzndyKxQ27OiAjFsMh0P04kaUXeHKhXRfiU7K2FqBshR1UlnWe7iHLkq2p9rrGjxQc7ff0w-Uc0f-8PWg36Y2Od7s65493iVQwnI13egqMaSvgB1s8_dgm08noEjhr8C5m1aKmr5oipWEPNi-SBV2VNuiCLR1IEPuXq0tOwwZfv31t34KPO-2H2bbaWmzGJy9mMOGqoNrbXyGiUZoyeHRELaNtm1GilyQ"},"error_response_bodies":["OBP-50000: Unknown Error."],"tags":["API","Account Information Service (AIS)","PSD2","New-Style"],"typed_request_body":{"type":"object","properties":{"jsonString":{"type":"string"}}},"typed_success_response_body":{"type":"object","properties":{"kid":{"type":"string"},"use":{"type":"string"},"n":{"type":"string"},"e":{"type":"string"},"kty":{"type":"string"}}},"is_featured":false,"special_instructions":"","specified_url":"/obp/v4.0.0/certs","connector_methods":["obp.getBankAccountsForUser"]},{"operation_id":"OBPv4.0.0-getExplictCounterpartyById","implemented_by":{"version":"OBPv4.0.0","function":"getExplictCounterpartyById"},"request_verb":"GET","request_url":"/obp/v4.0.0/banks/BANK_ID/accounts/ACCOUNT_ID/VIEW_ID/counterparties/COUNTERPARTY_ID","summary":"Get Counterparty by Counterparty Id (Explicit)","description":"Information returned about the Counterparty specified by COUNTERPARTY_ID:
\nAuthentication is Mandatory
\nURL Parameters:
\nACCOUNT_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\nBANK_ID: gh.29.uk
\nCOUNTERPARTY_ID: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
\nVIEW_ID: owner
\nJSON response body fields:
\ncounterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
\ncurrency: EUR
\ndate: 2020-01-27
\nis_beneficiary: true
\nkey: CustomerNumber
\nlatitude: 38.8951
\nlongitude: -77.0364
\nusername: felixsmith
\nvalue: 5987953
\nGet banks on this API instance
\nReturns a list of banks supported on this server:
Authentication is Optional
\nJSON response body fields:
\n","description_markdown":"Get banks on this API instance\nReturns a list of banks supported on this server:\n\n* ID used as parameter in URLs\n* Short and full name of bank\n* Logo URL\n* Website\n\nAuthentication is Optional\n\n\n**JSON response body fields:**\n\n\n","example_request_body":{"jsonString":"{}"},"success_response_body":{"banks":[{"id":"gh.29.uk","short_name":"short_name ","full_name":"full_name","logo":"logo","website":"www.openbankproject.com","bank_routings":[{"scheme":"Bank_ID","address":"gh.29.uk"}]}]},"error_response_bodies":["OBP-50000: Unknown Error."],"tags":["Bank","Account Information Service (AIS)","PSD2","New-Style"],"typed_request_body":{"type":"object","properties":{"jsonString":{"type":"string"}}},"typed_success_response_body":{"type":"object","properties":{"banks":{"type":"array","items":{"type":"object","properties":{"website":{"type":"string"},"logo":{"type":"string"},"bank_routings":{"type":"array","items":{"type":"object","properties":{"scheme":{"type":"string"},"address":{"type":"string"}}}},"short_name":{"type":"string"},"id":{"type":"string"},"full_name":{"type":"string"}}}}}},"is_featured":false,"special_instructions":"","specified_url":"/obp/v4.0.0/banks","connector_methods":["obp.getBankAccountsForUser","obp.getBanks"]},{"operation_id":"OBPv3.0.0-getPrivateAccountIdsbyBankId","implemented_by":{"version":"OBPv3.0.0","function":"getPrivateAccountIdsbyBankId"},"request_verb":"GET","request_url":"/obp/v3.0.0/banks/BANK_ID/accounts/account_ids/private","summary":"Get Accounts at Bank (IDs only)","description":"Returns only the list of accounts ids at BANK_ID that the user has access to.
\nEach account must have at least one private View.
\nFor each account the API returns its account ID.
\nIf you want to see more information on the Views, use the Account Detail call.
\noptional request parameters:
\nwhole url example:
\n/banks/BANK_ID/accounts/account_ids/private?account_type_filter=330,CURRENT+PLUS&account_type_filter_operation=INCLUDE
Authentication is Mandatory
\nURL Parameters:
\nJSON response body fields:
\n","description_markdown":"Returns only the list of accounts ids at BANK_ID that the user has access to.\n\nEach account must have at least one private View.\n\nFor each account the API returns its account ID.\n\nIf you want to see more information on the Views, use the Account Detail call.\n\n\noptional request parameters:\n\n* account_type_filter: one or many accountType value, split by comma\n* account_type_filter_operation: the filter type of account_type_filter, value must be INCLUDE or EXCLUDE\n\nwhole url example:\n/banks/BANK_ID/accounts/account_ids/private?account_type_filter=330,CURRENT+PLUS&account_type_filter_operation=INCLUDE\n \n\nAuthentication is Mandatory\n\n\n**URL Parameters:**\n\n* [BANK_ID](/glossary#Bank.bank_id): gh.29.uk\n\n\n\n\n\n**JSON response body fields:**\n\n\n","example_request_body":{"jsonString":"{}"},"success_response_body":{"accounts":[{"id":"5995d6a2-01b3-423c-a173-5481df49bdaf"}]},"error_response_bodies":["OBP-20001: User not logged in. Authentication is required!","OBP-30001: Bank not found. Please specify a valid value for BANK_ID.","OBP-50000: Unknown Error."],"tags":["Account","Account Information Service (AIS)","PSD2","New-Style"],"typed_request_body":{"type":"object","properties":{"jsonString":{"type":"string"}}},"typed_success_response_body":{"type":"object","properties":{"accounts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string"}}}}}},"is_featured":false,"special_instructions":"","specified_url":"/obp/v4.0.0/banks/BANK_ID/accounts/account_ids/private","connector_methods":["obp.getCoreBankAccounts","obp.getBank","obp.getBankAccountsForUser"]},{"operation_id":"OBPv3.1.0-createConsentSms","implemented_by":{"version":"OBPv3.1.0","function":"createConsentSms"},"request_verb":"POST","request_url":"/obp/v3.1.0/banks/BANK_ID/my/consents/SMS","summary":"Create Consent (SMS)","description":"This endpoint starts the process of creating a Consent.
\nThe Consent is created in an INITIATED state.
\nA One Time Password (OTP) (AKA security challenge) is sent Out of Band (OOB) to the User via the transport defined in SCA_METHOD
\nSCA_METHOD is typically "SMS" or "EMAIL". "EMAIL" is used for testing purposes.
When the Consent is created, OBP (or a backend system) stores the challenge so it can be checked later against the value supplied by the User with the Answer Consent Challenge endpoint.
\nAn OBP Consent allows the holder of the Consent to call one or more endpoints.
\nConsents must be created and authorisied using SCA (Strong Customer Authentication).
\nThat is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.
\nEach Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
\nEach Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key.
\nFor example:
\nGET /obp/v4.0.0/users/current HTTP/1.1
\nHost: 127.0.0.1:8080
\nConsent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn
\n1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj
\nEtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml
\nzcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY
\ntNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg
Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk
\ncache-control: no-cache
Maximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.
\nExample of POST JSON:
\n{
\n"everything": false,
\n"views": [
\n{
\n"bank_id": "GENODEM1GLS",
\n"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
\n"view_id": "owner"
\n}
\n],
\n"entitlements": [
\n{
\n"bank_id": "GENODEM1GLS",
\n"role_name": "CanGetCustomer"
\n}
\n],
\n"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
\n"email": "eveline@example.com",
\n"valid_from": "2020-02-07T08:43:34Z",
\n"time_to_live": 3600
\n}
\nPlease note that only optional fields are: consumer_id, valid_from and time_to_live.
\nIn case you omit they the default values are used:
\nconsumer_id = consumer of current user
\nvalid_from = current time
\ntime_to_live = consents.max_time_to_live
Authentication is Mandatory
\nExample 1:
\n{
\n"everything": true,
\n"views": [],
\n"entitlements": [],
\n"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
\n"email": "eveline@example.com"
\n}
Please note that consumer_id is optional field
\nExample 2:
\n{
\n"everything": true,
\n"views": [],
\n"entitlements": [],
\n"email": "eveline@example.com"
\n}
Please note if everything=false you need to explicitly specify views and entitlements
\nExample 3:
\n{
\n"everything": false,
\n"views": [
\n{
\n"bank_id": "GENODEM1GLS",
\n"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
\n"view_id": "owner"
\n}
\n],
\n"entitlements": [
\n{
\n"bank_id": "GENODEM1GLS",
\n"role_name": "CanGetCustomer"
\n}
\n],
\n"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
\n"email": "eveline@example.com"
\n}
URL Parameters:
\nJSON request body fields:
\naccount_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\nbank_id: gh.29.uk
\nconsumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
\nvalid_from: 2020-01-27
\nview_id: owner
\nJSON response body fields:
\n","description_markdown":"This endpoint starts the process of creating a Consent.\n\nThe Consent is created in an INITIATED state.\n\nA One Time Password (OTP) (AKA security challenge) is sent Out of Band (OOB) to the User via the transport defined in SCA_METHOD\nSCA_METHOD is typically \"SMS\" or \"EMAIL\". \"EMAIL\" is used for testing purposes.\n\nWhen the Consent is created, OBP (or a backend system) stores the challenge so it can be checked later against the value supplied by the User with the Answer Consent Challenge endpoint.\n\n\n\nAn OBP Consent allows the holder of the Consent to call one or more endpoints.\n\nConsents must be created and authorisied using SCA (Strong Customer Authentication).\n\nThat is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.\n\nEach Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.\n\nEach Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key. \nFor example:\nGET /obp/v4.0.0/users/current HTTP/1.1\nHost: 127.0.0.1:8080\nConsent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn\n1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj\nEtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml\nzcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY\ntNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg\n\nConsumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk\ncache-control: no-cache\n\nMaximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.\n\nExample of POST JSON:\n{\n \"everything\": false,\n \"views\": [\n {\n \"bank_id\": \"GENODEM1GLS\",\n \"account_id\": \"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0\",\n \"view_id\": \"owner\"\n }\n ],\n \"entitlements\": [\n {\n \"bank_id\": \"GENODEM1GLS\",\n \"role_name\": \"CanGetCustomer\"\n }\n ],\n \"consumer_id\": \"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh\",\n \"email\": \"eveline@example.com\",\n \"valid_from\": \"2020-02-07T08:43:34Z\",\n \"time_to_live\": 3600\n}\nPlease note that only optional fields are: consumer_id, valid_from and time_to_live. \nIn case you omit they the default values are used:\nconsumer_id = consumer of current user\nvalid_from = current time\ntime_to_live = consents.max_time_to_live\n\n \n\nAuthentication is Mandatory\n\nExample 1: \n{\n \"everything\": true,\n \"views\": [],\n \"entitlements\": [],\n \"consumer_id\": \"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh\",\n \"email\": \"eveline@example.com\"\n}\n\nPlease note that consumer_id is optional field\nExample 2:\n{\n \"everything\": true,\n \"views\": [],\n \"entitlements\": [],\n \"email\": \"eveline@example.com\"\n}\n\nPlease note if everything=false you need to explicitly specify views and entitlements\nExample 3:\n{\n \"everything\": false,\n \"views\": [\n {\n \"bank_id\": \"GENODEM1GLS\",\n \"account_id\": \"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0\",\n \"view_id\": \"owner\"\n }\n ],\n \"entitlements\": [\n {\n \"bank_id\": \"GENODEM1GLS\",\n \"role_name\": \"CanGetCustomer\"\n }\n ],\n \"consumer_id\": \"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh\",\n \"email\": \"eveline@example.com\"\n}\n\n\n**URL Parameters:**\n\n* [BANK_ID](/glossary#Bank.bank_id): gh.29.uk\n\n\n\n\n\n**JSON request body fields:**\n\n\n\n* [account_id](/glossary#Account.account_id): 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0\n\n\n\n* [bank_id](/glossary#Bank.bank_id): gh.29.uk\n\n\n\n* [consumer_id](/glossary#): 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh\n\n\n\n* [valid_from](/glossary#valid_from): 2020-01-27\n\n\n\n* [view_id](/glossary#this_view_id): owner\n\n\n\n\n\n**JSON response body fields:**\n\n\n","example_request_body":{"everything":false,"views":[{"bank_id":"gh.29.uk","account_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0","view_id":"owner"}],"entitlements":[{"bank_id":"gh.29.uk","role_name":"CanGetCustomer"}],"consumer_id":"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh","phone_number":"+44 07972 444 876","valid_from":"2024-03-25T16:24:19Z","time_to_live":3600},"success_response_body":{"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945","jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4","status":"INITIATED"},"error_response_bodies":["OBP-20001: User not logged in. Authentication is required!","OBP-30001: Bank not found. Please specify a valid value for BANK_ID.","OBP-10001: Incorrect json format.","OBP-35009: Only SMS and EMAIL are supported as SCA methods. ","OBP-35013: Consents can only contain Roles that you already have access to.","OBP-35014: Consents can only contain Views that you already have access to.","OBP-30019: Consumer not found. Please specify a valid value for CONSUMER_ID.","OBP-20058: Consumer is disabled.","OBP-00010: Missing props value at this API instance - ","OBP-35010: SMS server is not working or SMS server can not send the message to the phone number: ","OBP-50200: Connector cannot return the data we requested.","OBP-50000: Unknown Error."],"tags":["Consent","Account Information Service (AIS)","PSD2","New-Style"],"typed_request_body":{"type":"object","properties":{"entitlements":{"type":"array","items":{"type":"object","properties":{"bank_id":{"type":"string"},"role_name":{"type":"string"}}}},"phone_number":{"type":"string"},"valid_from":{"type":"string","format":"date-time"},"everything":{"type":"boolean"},"views":{"type":"array","items":{"type":"object","properties":{"bank_id":{"type":"string"},"view_id":{"type":"string"},"account_id":{"type":"string"}}}},"consumer_id":{"type":"string"},"time_to_live":{"type":"integer"}}},"typed_success_response_body":{"type":"object","properties":{"consent_id":{"type":"string"},"status":{"type":"string"},"jwt":{"type":"string"}}},"is_featured":false,"special_instructions":"","specified_url":"/obp/v4.0.0/banks/BANK_ID/my/consents/SMS","connector_methods":["obp.getBank","obp.getBankAccountsForUser"]},{"operation_id":"OBPv4.0.0-getSettlementAccounts","implemented_by":{"version":"OBPv4.0.0","function":"getSettlementAccounts"},"request_verb":"GET","request_url":"/obp/v4.0.0/banks/BANK_ID/settlement-accounts","summary":"Get Settlement accounts at Bank","description":"Get settlement accounts on this API instance
\nReturns a list of settlement accounts at this Bank
Note: a settlement account is considered as a bank account.
\nSo you can update it and add account attributes to it using the regular account endpoints
Authentication is Mandatory
\nURL Parameters:
\nJSON response body fields:
\naccount_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\namount: 10.12
\nbalance: 10
\nbranch_id: DERBY6
\ncurrency: EUR
\nlabel: My Account
\npayment_system: SEPA
\nvalue: 5987953
\nAn OBP Consent allows the holder of the Consent to call one or more endpoints.
\nConsents must be created and authorisied using SCA (Strong Customer Authentication).
\nThat is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.
\nEach Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
\nEach Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key.
\nFor example:
\nGET /obp/v4.0.0/users/current HTTP/1.1
\nHost: 127.0.0.1:8080
\nConsent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn
\n1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj
\nEtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml
\nzcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY
\ntNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg
Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk
\ncache-control: no-cache
Maximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.
\nExample of POST JSON:
\n{
\n"everything": false,
\n"views": [
\n{
\n"bank_id": "GENODEM1GLS",
\n"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
\n"view_id": "owner"
\n}
\n],
\n"entitlements": [
\n{
\n"bank_id": "GENODEM1GLS",
\n"role_name": "CanGetCustomer"
\n}
\n],
\n"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
\n"email": "eveline@example.com",
\n"valid_from": "2020-02-07T08:43:34Z",
\n"time_to_live": 3600
\n}
\nPlease note that only optional fields are: consumer_id, valid_from and time_to_live.
\nIn case you omit they the default values are used:
\nconsumer_id = consumer of current user
\nvalid_from = current time
\ntime_to_live = consents.max_time_to_live
Revoke Consent for current user specified by CONSENT_ID
\nAuthentication is Mandatory
\nURL Parameters:
\nJSON response body fields:
\n","description_markdown":"An OBP Consent allows the holder of the Consent to call one or more endpoints.\n\nConsents must be created and authorisied using SCA (Strong Customer Authentication).\n\nThat is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.\n\nEach Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.\n\nEach Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key. \nFor example:\nGET /obp/v4.0.0/users/current HTTP/1.1\nHost: 127.0.0.1:8080\nConsent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn\n1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj\nEtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml\nzcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY\ntNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg\n\nConsumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk\ncache-control: no-cache\n\nMaximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.\n\nExample of POST JSON:\n{\n \"everything\": false,\n \"views\": [\n {\n \"bank_id\": \"GENODEM1GLS\",\n \"account_id\": \"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0\",\n \"view_id\": \"owner\"\n }\n ],\n \"entitlements\": [\n {\n \"bank_id\": \"GENODEM1GLS\",\n \"role_name\": \"CanGetCustomer\"\n }\n ],\n \"consumer_id\": \"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh\",\n \"email\": \"eveline@example.com\",\n \"valid_from\": \"2020-02-07T08:43:34Z\",\n \"time_to_live\": 3600\n}\nPlease note that only optional fields are: consumer_id, valid_from and time_to_live. \nIn case you omit they the default values are used:\nconsumer_id = consumer of current user\nvalid_from = current time\ntime_to_live = consents.max_time_to_live\n\n \n\n\nRevoke Consent for current user specified by CONSENT_ID\n\n\nAuthentication is Mandatory\n\n\n**URL Parameters:**\n\n* [BANK_ID](/glossary#Bank.bank_id): gh.29.uk\n\n\n\n\n\n**JSON response body fields:**\n\n\n","example_request_body":{"jsonString":"{}"},"success_response_body":{"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945","jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4","status":"REJECTED"},"error_response_bodies":["OBP-20001: User not logged in. Authentication is required!","OBP-30001: Bank not found. Please specify a valid value for BANK_ID.","OBP-50000: Unknown Error."],"tags":["Consent","Account Information Service (AIS)","PSD2","New-Style"],"typed_request_body":{"type":"object","properties":{"jsonString":{"type":"string"}}},"typed_success_response_body":{"type":"object","properties":{"status":{"type":"string"},"consent_id":{"type":"string"},"jwt":{"type":"string"}}},"is_featured":false,"special_instructions":"","specified_url":"/obp/v4.0.0/banks/BANK_ID/my/consents/CONSENT_ID/revoke","connector_methods":["obp.getBank","obp.getBankAccountsForUser"]},{"operation_id":"OBPv4.0.0-getTransactionRequest","implemented_by":{"version":"OBPv4.0.0","function":"getTransactionRequest"},"request_verb":"GET","request_url":"/obp/v4.0.0/banks/BANK_ID/accounts/ACCOUNT_ID/VIEW_ID/transaction-requests/TRANSACTION_REQUEST_ID","summary":"Get Transaction Request","description":"Returns transaction request for transaction specified by TRANSACTION_REQUEST_ID and for account specified by ACCOUNT_ID at bank specified by BANK_ID.
\nThe VIEW_ID specified must be 'owner' and the user must have access to this view.
\nVersion 2.0.0 now returns charge information.
\nTransaction Requests serve to initiate transactions that may or may not proceed. They contain information including:
\nPSD2 Context: PSD2 requires transparency of charges to the customer.
\nThis endpoint provides the charge that would be applied if the Transaction Request proceeds - and a record of that charge there after.
\nThe customer can proceed with the Transaction by answering the security challenge.
Authentication is Mandatory
\nURL Parameters:
\nACCOUNT_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\nBANK_ID: gh.29.uk
\nTRANSACTION_REQUEST_ID: 8138a7e4-6d02-40e3-a129-0b2bf89de9f1
\nVIEW_ID: owner
\nJSON response body fields:
\naccount_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\namount: 10.12
\nbank_id: gh.29.uk
\ncounterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
\ncurrency: EUR
\ndate_of_birth: 2018-03-09
\niban: DE91 1000 0000 0123 4567 89
\nlegal_name: Eveline Tripman
\nstart_date: 2020-01-27
\nvalue: 5987953
\nAn OBP Consent allows the holder of the Consent to call one or more endpoints.
\nConsents must be created and authorisied using SCA (Strong Customer Authentication).
\nThat is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.
\nEach Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
\nEach Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key.
\nFor example:
\nGET /obp/v4.0.0/users/current HTTP/1.1
\nHost: 127.0.0.1:8080
\nConsent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn
\n1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj
\nEtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml
\nzcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY
\ntNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg
Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk
\ncache-control: no-cache
Maximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.
\nExample of POST JSON:
\n{
\n"everything": false,
\n"views": [
\n{
\n"bank_id": "GENODEM1GLS",
\n"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
\n"view_id": "owner"
\n}
\n],
\n"entitlements": [
\n{
\n"bank_id": "GENODEM1GLS",
\n"role_name": "CanGetCustomer"
\n}
\n],
\n"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
\n"email": "eveline@example.com",
\n"valid_from": "2020-02-07T08:43:34Z",
\n"time_to_live": 3600
\n}
\nPlease note that only optional fields are: consumer_id, valid_from and time_to_live.
\nIn case you omit they the default values are used:
\nconsumer_id = consumer of current user
\nvalid_from = current time
\ntime_to_live = consents.max_time_to_live
This endpoint is used to confirm a Consent previously created.
\nThe User must supply a code that was sent out of band (OOB) for example via an SMS.
\nAuthentication is Mandatory
\nURL Parameters:
\nJSON request body fields:
\nJSON response body fields:
\n","description_markdown":"An OBP Consent allows the holder of the Consent to call one or more endpoints.\n\nConsents must be created and authorisied using SCA (Strong Customer Authentication).\n\nThat is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.\n\nEach Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.\n\nEach Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key. \nFor example:\nGET /obp/v4.0.0/users/current HTTP/1.1\nHost: 127.0.0.1:8080\nConsent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn\n1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj\nEtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml\nzcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY\ntNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg\n\nConsumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk\ncache-control: no-cache\n\nMaximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.\n\nExample of POST JSON:\n{\n \"everything\": false,\n \"views\": [\n {\n \"bank_id\": \"GENODEM1GLS\",\n \"account_id\": \"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0\",\n \"view_id\": \"owner\"\n }\n ],\n \"entitlements\": [\n {\n \"bank_id\": \"GENODEM1GLS\",\n \"role_name\": \"CanGetCustomer\"\n }\n ],\n \"consumer_id\": \"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh\",\n \"email\": \"eveline@example.com\",\n \"valid_from\": \"2020-02-07T08:43:34Z\",\n \"time_to_live\": 3600\n}\nPlease note that only optional fields are: consumer_id, valid_from and time_to_live. \nIn case you omit they the default values are used:\nconsumer_id = consumer of current user\nvalid_from = current time\ntime_to_live = consents.max_time_to_live\n\n \n\n\nThis endpoint is used to confirm a Consent previously created.\n\nThe User must supply a code that was sent out of band (OOB) for example via an SMS.\n\nAuthentication is Mandatory\n\n\n**URL Parameters:**\n\n* [BANK_ID](/glossary#Bank.bank_id): gh.29.uk\n\n\n\n\n\n**JSON request body fields:**\n\n\n\n\n\n**JSON response body fields:**\n\n\n","example_request_body":{"answer":"12345678"},"success_response_body":{"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945","jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4","status":"INITIATED"},"error_response_bodies":["OBP-20001: User not logged in. Authentication is required!","OBP-30001: Bank not found. Please specify a valid value for BANK_ID.","OBP-10001: Incorrect json format.","OBP-50200: Connector cannot return the data we requested.","OBP-50000: Unknown Error."],"tags":["Consent","Account Information Service (AIS)","PSD2","New-Style"],"typed_request_body":{"type":"object","properties":{"answer":{"type":"string"}}},"typed_success_response_body":{"type":"object","properties":{"consent_id":{"type":"string"},"status":{"type":"string"},"jwt":{"type":"string"}}},"is_featured":false,"special_instructions":"","specified_url":"/obp/v4.0.0/banks/BANK_ID/consents/CONSENT_ID/challenge","connector_methods":["obp.getBank","obp.getBankAccountsForUser"]},{"operation_id":"OBPv4.0.0-createTransactionRequestAccountOtp","implemented_by":{"version":"OBPv4.0.0","function":"createTransactionRequestAccountOtp"},"request_verb":"POST","request_url":"/obp/v4.0.0/banks/BANK_ID/accounts/ACCOUNT_ID/VIEW_ID/transaction-request-types/ACCOUNT_OTP/transaction-requests","summary":"Create Transaction Request (ACCOUNT_OTP)","description":"When using ACCOUNT, the payee is set in the request body.
\nMoney goes into the BANK_ID and ACCOUNT_ID specified in the request body.
\nInitiate a Payment via creating a Transaction Request.
\nIn OBP, a transaction request
may or may not result in a transaction
. However, a transaction
only has one possible state: completed.
A Transaction Request
can have one of several states: INITIATED, NEXT_CHALLENGE_PENDING etc.
Transactions
are modeled on items in a bank statement that represent the movement of money.
Transaction Requests
are requests to move money which may or may not succeed and thus result in a Transaction
.
A Transaction Request
might create a security challenge that needs to be answered before the Transaction Request
proceeds.
\nIn case 1 person needs to answer security challenge we have next flow of state of an transaction request
:
\nINITIATED => COMPLETED
\nIn case n persons needs to answer security challenge we have next flow of state of an transaction request
:
\nINITIATED => NEXT_CHALLENGE_PENDING => ... => NEXT_CHALLENGE_PENDING => COMPLETED
The security challenge is bound to a user i.e. in case of right answer and the user is different than expected one the challenge will fail.
\nRule for calculating number of security challenges:
\nIf product Account attribute REQUIRED_CHALLENGE_ANSWERS=N then create N challenges
\n(one for every user that has a View where permission "can_add_transaction_request_to_any_account"=true)
\nIn case REQUIRED_CHALLENGE_ANSWERS is not defined as an account attribute default value is 1.
Transaction Requests contain charge information giving the client the opportunity to proceed or not (as long as the challenge level is appropriate).
\nTransaction Requests can have one of several Transaction Request Types which expect different bodies. The escaped body is returned in the details key of the GET response.
\nThis provides some commonality and one URL for many different payment or transfer types with enough flexibility to validate them differently.
The payer is set in the URL. Money comes out of the BANK_ID and ACCOUNT_ID specified in the URL.
\nIn sandbox mode, TRANSACTION_REQUEST_TYPE is commonly set to ACCOUNT. See getTransactionRequestTypesSupportedByBank for all supported types.
\nIn sandbox mode, if the amount is less than 1000 EUR (any currency, unless it is set differently on this server), the transaction request will create a transaction without a challenge, else the Transaction Request will be set to INITIALISED and a challenge will need to be answered.
\nIf a challenge is created you must answer it using Answer Transaction Request Challenge before the Transaction is created.
\nYou can transfer between different currency accounts. (new in 2.0.0). The currency in body must match the sending account.
\nThe following static FX rates are available in sandbox mode:
\n\nTransaction Requests satisfy PSD2 requirements thus:
\n1) A transaction can be initiated by a third party application.
\n2) The customer is informed of the charge that will incurred.
\n3) The call supports delegated authentication (OAuth)
\nSee this python code for a complete example of this flow.
\nThere is further documentation here
\nAuthentication is Mandatory
\nURL Parameters:
\nACCOUNT_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\nBANK_ID: gh.29.uk
\nVIEW_ID: owner
\nJSON request body fields:
\naccount_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\namount: 10.12
\nbank_id: gh.29.uk
\ncurrency: EUR
\nvalue: 5987953
\nJSON response body fields:
\naccount_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\namount: 10.12
\nbank_id: gh.29.uk
\nchallenges: challenges
\ncounterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
\ncurrency: EUR
\ndate_of_birth: 2018-03-09
\niban: DE91 1000 0000 0123 4567 89
\nlegal_name: Eveline Tripman
\nstart_date: 2020-01-27
\nuser_id: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1
\nvalue: 5987953
\nReturns the list of accounts containing private views for the user.
\nEach account lists the views available to the user.
optional request parameters:
\nwhole url example:
\n/my/accounts?account_type_filter=330,CURRENT+PLUS&account_type_filter_operation=INCLUDE
Authentication is Mandatory
\nJSON response body fields:
\naccount_type: AC
\nbank_id: gh.29.uk
\nlabel: My Account
\nReturns the minimal list of private accounts at BANK_ID that the user has access to.
\nFor each account, the API returns the ID, routing addresses and the views available to the current user.
If you want to see more information on the Views, use the Account Detail call.
\noptional request parameters:
\nwhole url example:
\n/banks/BANK_ID/accounts/private?account_type_filter=330,CURRENT+PLUS&account_type_filter_operation=INCLUDE
Authentication is Mandatory
\nURL Parameters:
\nJSON response body fields:
\naccount_type: AC
\nbank_id: gh.29.uk
\nlabel: My Account
\nThis endpoint starts the process of creating a Consent.
\nThe Consent is created in an INITIATED state.
\nA One Time Password (OTP) (AKA security challenge) is sent Out of band (OOB) to the User via the transport defined in SCA_METHOD
\nSCA_METHOD is typically "SMS" or "EMAIL". "EMAIL" is used for testing purposes.
When the Consent is created, OBP (or a backend system) stores the challenge so it can be checked later against the value supplied by the User with the Answer Consent Challenge endpoint.
\nAn OBP Consent allows the holder of the Consent to call one or more endpoints.
\nConsents must be created and authorisied using SCA (Strong Customer Authentication).
\nThat is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.
\nEach Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
\nEach Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key.
\nFor example:
\nGET /obp/v4.0.0/users/current HTTP/1.1
\nHost: 127.0.0.1:8080
\nConsent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn
\n1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj
\nEtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml
\nzcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY
\ntNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg
Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk
\ncache-control: no-cache
Maximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.
\nExample of POST JSON:
\n{
\n"everything": false,
\n"views": [
\n{
\n"bank_id": "GENODEM1GLS",
\n"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
\n"view_id": "owner"
\n}
\n],
\n"entitlements": [
\n{
\n"bank_id": "GENODEM1GLS",
\n"role_name": "CanGetCustomer"
\n}
\n],
\n"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
\n"email": "eveline@example.com",
\n"valid_from": "2020-02-07T08:43:34Z",
\n"time_to_live": 3600
\n}
\nPlease note that only optional fields are: consumer_id, valid_from and time_to_live.
\nIn case you omit they the default values are used:
\nconsumer_id = consumer of current user
\nvalid_from = current time
\ntime_to_live = consents.max_time_to_live
Authentication is Mandatory
\nExample 1:
\n{
\n"everything": true,
\n"views": [],
\n"entitlements": [],
\n"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
\n"email": "eveline@example.com"
\n}
Please note that consumer_id is optional field
\nExample 2:
\n{
\n"everything": true,
\n"views": [],
\n"entitlements": [],
\n"email": "eveline@example.com"
\n}
Please note if everything=false you need to explicitly specify views and entitlements
\nExample 3:
\n{
\n"everything": false,
\n"views": [
\n{
\n"bank_id": "GENODEM1GLS",
\n"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
\n"view_id": "owner"
\n}
\n],
\n"entitlements": [
\n{
\n"bank_id": "GENODEM1GLS",
\n"role_name": "CanGetCustomer"
\n}
\n],
\n"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
\n"email": "eveline@example.com"
\n}
URL Parameters:
\nBANK_ID: gh.29.uk
\nJSON request body fields:
\naccount_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\nbank_id: gh.29.uk
\nconsumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
\nvalid_from: 2020-01-27
\nview_id: owner
\nJSON response body fields:
\n","description_markdown":"This endpoint starts the process of creating a Consent.\n\nThe Consent is created in an INITIATED state.\n\nA One Time Password (OTP) (AKA security challenge) is sent Out of band (OOB) to the User via the transport defined in SCA_METHOD\nSCA_METHOD is typically \"SMS\" or \"EMAIL\". \"EMAIL\" is used for testing purposes.\n\nWhen the Consent is created, OBP (or a backend system) stores the challenge so it can be checked later against the value supplied by the User with the Answer Consent Challenge endpoint.\n\n\n\nAn OBP Consent allows the holder of the Consent to call one or more endpoints.\n\nConsents must be created and authorisied using SCA (Strong Customer Authentication).\n\nThat is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.\n\nEach Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.\n\nEach Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key. \nFor example:\nGET /obp/v4.0.0/users/current HTTP/1.1\nHost: 127.0.0.1:8080\nConsent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn\n1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj\nEtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml\nzcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY\ntNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg\n\nConsumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk\ncache-control: no-cache\n\nMaximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.\n\nExample of POST JSON:\n{\n \"everything\": false,\n \"views\": [\n {\n \"bank_id\": \"GENODEM1GLS\",\n \"account_id\": \"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0\",\n \"view_id\": \"owner\"\n }\n ],\n \"entitlements\": [\n {\n \"bank_id\": \"GENODEM1GLS\",\n \"role_name\": \"CanGetCustomer\"\n }\n ],\n \"consumer_id\": \"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh\",\n \"email\": \"eveline@example.com\",\n \"valid_from\": \"2020-02-07T08:43:34Z\",\n \"time_to_live\": 3600\n}\nPlease note that only optional fields are: consumer_id, valid_from and time_to_live. \nIn case you omit they the default values are used:\nconsumer_id = consumer of current user\nvalid_from = current time\ntime_to_live = consents.max_time_to_live\n\n \n\nAuthentication is Mandatory\n\nExample 1: \n{\n \"everything\": true,\n \"views\": [],\n \"entitlements\": [],\n \"consumer_id\": \"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh\",\n \"email\": \"eveline@example.com\"\n}\n\nPlease note that consumer_id is optional field\nExample 2:\n{\n \"everything\": true,\n \"views\": [],\n \"entitlements\": [],\n \"email\": \"eveline@example.com\"\n}\n\nPlease note if everything=false you need to explicitly specify views and entitlements\nExample 3:\n{\n \"everything\": false,\n \"views\": [\n {\n \"bank_id\": \"GENODEM1GLS\",\n \"account_id\": \"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0\",\n \"view_id\": \"owner\"\n }\n ],\n \"entitlements\": [\n {\n \"bank_id\": \"GENODEM1GLS\",\n \"role_name\": \"CanGetCustomer\"\n }\n ],\n \"consumer_id\": \"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh\",\n \"email\": \"eveline@example.com\"\n}\n\n\n**URL Parameters:**\n\n* [BANK_ID](/glossary#Bank.bank_id): gh.29.uk\n\n\n\n* [EMAIL](/glossary#developer_email): felixsmith@example.com\n\n\n\n\n\n**JSON request body fields:**\n\n\n\n* [account_id](/glossary#Account.account_id): 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0\n\n\n\n* [bank_id](/glossary#Bank.bank_id): gh.29.uk\n\n\n\n* [consumer_id](/glossary#): 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh\n\n\n\n* [email](/glossary#developer_email): felixsmith@example.com\n\n\n\n* [valid_from](/glossary#valid_from): 2020-01-27\n\n\n\n* [view_id](/glossary#this_view_id): owner\n\n\n\n\n\n**JSON response body fields:**\n\n\n","example_request_body":{"everything":false,"views":[{"bank_id":"gh.29.uk","account_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0","view_id":"owner"}],"entitlements":[{"bank_id":"gh.29.uk","role_name":"CanGetCustomer"}],"consumer_id":"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh","email":"felixsmith@example.com","valid_from":"2024-03-25T16:24:19Z","time_to_live":3600},"success_response_body":{"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945","jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4","status":"INITIATED"},"error_response_bodies":["OBP-20001: User not logged in. Authentication is required!","OBP-30001: Bank not found. Please specify a valid value for BANK_ID.","OBP-10001: Incorrect json format.","OBP-35009: Only SMS and EMAIL are supported as SCA methods. ","OBP-35013: Consents can only contain Roles that you already have access to.","OBP-35014: Consents can only contain Views that you already have access to.","OBP-30019: Consumer not found. Please specify a valid value for CONSUMER_ID.","OBP-20058: Consumer is disabled.","OBP-50200: Connector cannot return the data we requested.","OBP-50000: Unknown Error."],"tags":["Consent","Account Information Service (AIS)","PSD2","New-Style"],"typed_request_body":{"type":"object","properties":{"email":{"type":"string"},"entitlements":{"type":"array","items":{"type":"object","properties":{"bank_id":{"type":"string"},"role_name":{"type":"string"}}}},"valid_from":{"type":"string","format":"date-time"},"everything":{"type":"boolean"},"views":{"type":"array","items":{"type":"object","properties":{"bank_id":{"type":"string"},"view_id":{"type":"string"},"account_id":{"type":"string"}}}},"consumer_id":{"type":"string"},"time_to_live":{"type":"integer"}}},"typed_success_response_body":{"type":"object","properties":{"consent_id":{"type":"string"},"status":{"type":"string"},"jwt":{"type":"string"}}},"is_featured":false,"special_instructions":"","specified_url":"/obp/v4.0.0/banks/BANK_ID/my/consents/EMAIL","connector_methods":["obp.getBank","obp.getBankAccountsForUser"]},{"operation_id":"OBPv1.4.0-getTransactionRequestTypes","implemented_by":{"version":"OBPv1.4.0","function":"getTransactionRequestTypes"},"request_verb":"GET","request_url":"/obp/v1.4.0/banks/BANK_ID/accounts/ACCOUNT_ID/VIEW_ID/transaction-request-types","summary":"Get Transaction Request Types for Account","description":"Returns the Transaction Request Types that the account specified by ACCOUNT_ID and view specified by VIEW_ID has access to.
\nThese are the ways this API Server can create a Transaction via a Transaction Request
\n(as opposed to Transaction Types which include external types too e.g. for Transactions created by core banking etc.)
A Transaction Request Type internally determines:
\nFor instance in a 'SANDBOX_TAN' Transaction Request, for amounts over 1000 currency units, the user must supply a positive integer to complete the Transaction Request and create a Transaction.
\nThis approach aims to provide only one endpoint for initiating transactions, and one that handles challenges, whilst still allowing flexibility with the payload and internal logic.
\nAuthentication is Mandatory
\nURL Parameters:
\nACCOUNT_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\nBANK_ID: gh.29.uk
\nVIEW_ID: owner
\nJSON response body fields:
\n\n","description_markdown":"Returns the Transaction Request Types that the account specified by ACCOUNT_ID and view specified by VIEW_ID has access to.\n\nThese are the ways this API Server can create a Transaction via a Transaction Request\n(as opposed to Transaction Types which include external types too e.g. for Transactions created by core banking etc.)\n\n A Transaction Request Type internally determines:\n\n * the required Transaction Request 'body' i.e. fields that define the 'what' and 'to' of a Transaction Request,\n * the type of security challenge that may be be raised before the Transaction Request proceeds, and\n * the threshold of that challenge.\n\n For instance in a 'SANDBOX_TAN' Transaction Request, for amounts over 1000 currency units, the user must supply a positive integer to complete the Transaction Request and create a Transaction.\n\n This approach aims to provide only one endpoint for initiating transactions, and one that handles challenges, whilst still allowing flexibility with the payload and internal logic.\n \n \n\nAuthentication is Mandatory\n\n\n**URL Parameters:**\n\n* [ACCOUNT_ID](/glossary#Account.account_id): 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0\n\n\n\n* [BANK_ID](/glossary#Bank.bank_id): gh.29.uk\n\n\n\n* [VIEW_ID](/glossary#this_view_id): owner\n\n\n\n\n\n**JSON response body fields:**\n\n\n\n* [amount](/glossary#temporary_requested_current_amount): 10.12\n\n\n\n* [currency](/glossary#can_see_transaction_currency): EUR\n\n\n\n* [value](/glossary#Customer.customerAttributeValue): 5987953\n\n\n","example_request_body":{"jsonString":"{}"},"success_response_body":{"transaction_request_types":[{"value":"10","charge":{"summary":"The bank fixed charge","value":{"currency":"EUR","amount":"0"}}}]},"error_response_bodies":["OBP-20001: User not logged in. Authentication is required!","OBP-30001: Bank not found. Please specify a valid value for BANK_ID.","OBP-30003: Account not found. Please specify a valid value for ACCOUNT_ID.","Please specify a valid value for CURRENCY of your Bank Account. ","Current user does not have access to the view ","account not found at bank","user does not have access to owner view","OBP-40018: Sorry, Transaction Requests are not enabled in this API instance.","OBP-50000: Unknown Error."],"tags":["Transaction-Request","Payment Initiation Service (PIS)","PSD2","New-Style"],"typed_request_body":{"type":"object","properties":{"jsonString":{"type":"string"}}},"typed_success_response_body":{"type":"object","properties":{"transaction_request_types":{"type":"array","items":{"type":"object","properties":{"charge":{"type":"object","properties":{"value":{"type":"object","properties":{"currency":{"type":"string"},"amount":{"type":"string"}}},"summary":{"type":"string"}}},"value":{"type":"string"}}}}}},"is_featured":false,"special_instructions":"","specified_url":"/obp/v4.0.0/banks/BANK_ID/accounts/ACCOUNT_ID/VIEW_ID/transaction-request-types","connector_methods":["obp.getTransactionRequestTypes","obp.getTransactionRequestTypeCharges","obp.checkBankAccountExists","obp.getBank","obp.getBankAccountsForUser"]},{"operation_id":"OBPv4.0.0-answerTransactionRequestChallenge","implemented_by":{"version":"OBPv4.0.0","function":"answerTransactionRequestChallenge"},"request_verb":"POST","request_url":"/obp/v4.0.0/banks/BANK_ID/accounts/ACCOUNT_ID/VIEW_ID/transaction-request-types/TRANSACTION_REQUEST_TYPE/transaction-requests/TRANSACTION_REQUEST_ID/challenge","summary":"Answer Transaction Request Challenge","description":"In Sandbox mode, any string that can be converted to a positive integer will be accepted as an answer.
\nThis endpoint totally depends on createTransactionRequest, it need get the following data from createTransactionRequest response body.
\n1)TRANSACTION_REQUEST_TYPE
: is the same as createTransactionRequest request URL .
2)TRANSACTION_REQUEST_ID
: is the id
field in createTransactionRequest response body.
3) id
: is challenge.id
field in createTransactionRequest response body.
4) answer
: must be 123
in case that Strong Customer Authentication method for OTP challenge is dummy.
\nFor instance: SANDBOX_TAN_OTP_INSTRUCTION_TRANSPORT=dummy
\nPossible values are dummy,email and sms
\nIn kafka mode, the answer can be got by phone message or other security ways.
In case 1 person needs to answer security challenge we have next flow of state of an transaction request
:
\nINITIATED => COMPLETED
\nIn case n persons needs to answer security challenge we have next flow of state of an transaction request
:
\nINITIATED => NEXT_CHALLENGE_PENDING => ... => NEXT_CHALLENGE_PENDING => COMPLETED
The security challenge is bound to a user i.e. in case of right answer and the user is different than expected one the challenge will fail.
\nRule for calculating number of security challenges:
\nIf product Account attribute REQUIRED_CHALLENGE_ANSWERS=N then create N challenges
\n(one for every user that has a View where permission "can_add_transaction_request_to_any_account"=true)
\nIn case REQUIRED_CHALLENGE_ANSWERS is not defined as an account attribute default value is 1.
Authentication is Mandatory
\nURL Parameters:
\nACCOUNT_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\nBANK_ID: gh.29.uk
\nTRANSACTION_REQUEST_ID: 8138a7e4-6d02-40e3-a129-0b2bf89de9f1
\nTRANSACTION_REQUEST_TYPE: SEPA
\nVIEW_ID: owner
\nJSON request body fields:
\nadditional_information: additional_information
\nreason_code: reason_code
\nJSON response body fields:
\naccount_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\namount: 10.12
\nbank_id: gh.29.uk
\ncounterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
\ncurrency: EUR
\ndate_of_birth: 2018-03-09
\niban: DE91 1000 0000 0123 4567 89
\nlegal_name: Eveline Tripman
\nstart_date: 2020-01-27
\nvalue: 5987953
\nSpecial instructions for COUNTERPARTY:
\nWhen using a COUNTERPARTY to create a Transaction Request, specificy the counterparty_id in the body of the request.
\nThe routing details of the counterparty will be forwarded for the transfer.
Initiate a Payment via creating a Transaction Request.
\nIn OBP, a transaction request
may or may not result in a transaction
. However, a transaction
only has one possible state: completed.
A Transaction Request
can have one of several states: INITIATED, NEXT_CHALLENGE_PENDING etc.
Transactions
are modeled on items in a bank statement that represent the movement of money.
Transaction Requests
are requests to move money which may or may not succeed and thus result in a Transaction
.
A Transaction Request
might create a security challenge that needs to be answered before the Transaction Request
proceeds.
\nIn case 1 person needs to answer security challenge we have next flow of state of an transaction request
:
\nINITIATED => COMPLETED
\nIn case n persons needs to answer security challenge we have next flow of state of an transaction request
:
\nINITIATED => NEXT_CHALLENGE_PENDING => ... => NEXT_CHALLENGE_PENDING => COMPLETED
The security challenge is bound to a user i.e. in case of right answer and the user is different than expected one the challenge will fail.
\nRule for calculating number of security challenges:
\nIf product Account attribute REQUIRED_CHALLENGE_ANSWERS=N then create N challenges
\n(one for every user that has a View where permission "can_add_transaction_request_to_any_account"=true)
\nIn case REQUIRED_CHALLENGE_ANSWERS is not defined as an account attribute default value is 1.
Transaction Requests contain charge information giving the client the opportunity to proceed or not (as long as the challenge level is appropriate).
\nTransaction Requests can have one of several Transaction Request Types which expect different bodies. The escaped body is returned in the details key of the GET response.
\nThis provides some commonality and one URL for many different payment or transfer types with enough flexibility to validate them differently.
The payer is set in the URL. Money comes out of the BANK_ID and ACCOUNT_ID specified in the URL.
\nIn sandbox mode, TRANSACTION_REQUEST_TYPE is commonly set to ACCOUNT. See getTransactionRequestTypesSupportedByBank for all supported types.
\nIn sandbox mode, if the amount is less than 1000 EUR (any currency, unless it is set differently on this server), the transaction request will create a transaction without a challenge, else the Transaction Request will be set to INITIALISED and a challenge will need to be answered.
\nIf a challenge is created you must answer it using Answer Transaction Request Challenge before the Transaction is created.
\nYou can transfer between different currency accounts. (new in 2.0.0). The currency in body must match the sending account.
\nThe following static FX rates are available in sandbox mode:
\n\nTransaction Requests satisfy PSD2 requirements thus:
\n1) A transaction can be initiated by a third party application.
\n2) The customer is informed of the charge that will incurred.
\n3) The call supports delegated authentication (OAuth)
\nSee this python code for a complete example of this flow.
\nThere is further documentation here
\nAuthentication is Mandatory
\nURL Parameters:
\nACCOUNT_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\nBANK_ID: gh.29.uk
\nVIEW_ID: owner
\nJSON request body fields:
\namount: 10.12
\ncounterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
\ncurrency: EUR
\nvalue: 5987953
\nJSON response body fields:
\naccount_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\namount: 10.12
\nbank_id: gh.29.uk
\nchallenges: challenges
\ncounterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
\ncurrency: EUR
\ndate_of_birth: 2018-03-09
\niban: DE91 1000 0000 0123 4567 89
\nlegal_name: Eveline Tripman
\nstart_date: 2020-01-27
\nuser_id: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1
\nvalue: 5987953
\nGet Transaction Types for the bank specified by BANK_ID:
\nLists the possible Transaction Types available at the bank (as opposed to Transaction Request Types which are the possible ways Transactions can be created by this API Server).
\nAuthentication is Optional
\nURL Parameters:
\nJSON response body fields:
\n\n","description_markdown":"Get Transaction Types for the bank specified by BANK_ID:\n\nLists the possible Transaction Types available at the bank (as opposed to Transaction Request Types which are the possible ways Transactions can be created by this API Server).\n\n * id : Unique transaction type id across the API instance. SHOULD be a UUID. MUST be unique.\n * bank_id : The bank that supports this TransactionType\n * short_code : A short code (SHOULD have no-spaces) which MUST be unique across the bank. May be stored with Transactions to link here\n * summary : A succinct summary\n * description : A longer description\n * charge : The charge to the customer for each one of these\n\nAuthentication is Optional\n\n\n**URL Parameters:**\n\n* [BANK_ID](/glossary#Bank.bank_id): gh.29.uk\n\n\n\n\n\n**JSON response body fields:**\n\n\n\n* [amount](/glossary#temporary_requested_current_amount): 10.12\n\n\n\n* [bank_id](/glossary#Bank.bank_id): gh.29.uk\n\n\n\n* [currency](/glossary#can_see_transaction_currency): EUR\n\n\n\n* [value](/glossary#Customer.customerAttributeValue): 5987953\n\n\n","example_request_body":{"jsonString":"{}"},"success_response_body":{"transaction_types":[{"id":{"value":"123"},"bank_id":"gh.29.uk","short_code":"PlaceholderString","summary":"PlaceholderString","description":"PlaceholderString","charge":{"currency":"EUR","amount":"0"}}]},"error_response_bodies":["OBP-30001: Bank not found. Please specify a valid value for BANK_ID.","OBP-50000: Unknown Error."],"tags":["Bank","Account Information Service (AIS)","PSD2","New-Style"],"typed_request_body":{"type":"object","properties":{"jsonString":{"type":"string"}}},"typed_success_response_body":{"type":"object","properties":{"transaction_types":{"type":"array","items":{"type":"object","properties":{"description":{"type":"string"},"short_code":{"type":"string"},"bank_id":{"type":"string"},"summary":{"type":"string"},"charge":{"type":"object","properties":{"currency":{"type":"string"},"amount":{"type":"string"}}},"id":{"type":"object","properties":{"value":{"type":"string"}}}}}}}},"is_featured":false,"special_instructions":"","specified_url":"/obp/v4.0.0/banks/BANK_ID/transaction-types","connector_methods":["obp.getBank","obp.getBankAccountsForUser"]},{"operation_id":"OBPv3.1.0-checkFundsAvailable","implemented_by":{"version":"OBPv3.1.0","function":"checkFundsAvailable"},"request_verb":"GET","request_url":"/obp/v3.1.0/banks/BANK_ID/accounts/ACCOUNT_ID/VIEW_ID/funds-available","summary":"Check Available Funds","description":"Check Available Funds
\nMandatory URL parameters:
Authentication is Mandatory
\nURL Parameters:
\nACCOUNT_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\nBANK_ID: gh.29.uk
\nVIEW_ID: owner
\nJSON response body fields:
\nInformation returned about the account specified by ACCOUNT_ID:
\nThis call returns the owner view and requires access to that view.
\nAuthentication is Mandatory
\nURL Parameters:
\nACCOUNT_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\nBANK_ID: gh.29.uk
\nJSON response body fields:
\namount: 10.12
\nbalance: 10
\nbank_id: gh.29.uk
\ncurrency: EUR
\nlabel: My Account
\nAn OBP Consent allows the holder of the Consent to call one or more endpoints.
\nConsents must be created and authorisied using SCA (Strong Customer Authentication).
\nThat is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.
\nEach Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
\nEach Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key.
\nFor example:
\nGET /obp/v4.0.0/users/current HTTP/1.1
\nHost: 127.0.0.1:8080
\nConsent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn
\n1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj
\nEtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml
\nzcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY
\ntNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg
Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk
\ncache-control: no-cache
Maximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.
\nExample of POST JSON:
\n{
\n"everything": false,
\n"views": [
\n{
\n"bank_id": "GENODEM1GLS",
\n"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
\n"view_id": "owner"
\n}
\n],
\n"entitlements": [
\n{
\n"bank_id": "GENODEM1GLS",
\n"role_name": "CanGetCustomer"
\n}
\n],
\n"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
\n"email": "eveline@example.com",
\n"valid_from": "2020-02-07T08:43:34Z",
\n"time_to_live": 3600
\n}
\nPlease note that only optional fields are: consumer_id, valid_from and time_to_live.
\nIn case you omit they the default values are used:
\nconsumer_id = consumer of current user
\nvalid_from = current time
\ntime_to_live = consents.max_time_to_live
This endpoint gets the Consents that the current User created.
\nAuthentication is Mandatory
\nURL Parameters:
\nJSON response body fields:
\n","description_markdown":"An OBP Consent allows the holder of the Consent to call one or more endpoints.\n\nConsents must be created and authorisied using SCA (Strong Customer Authentication).\n\nThat is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.\n\nEach Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.\n\nEach Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key. \nFor example:\nGET /obp/v4.0.0/users/current HTTP/1.1\nHost: 127.0.0.1:8080\nConsent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn\n1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj\nEtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml\nzcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY\ntNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg\n\nConsumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk\ncache-control: no-cache\n\nMaximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.\n\nExample of POST JSON:\n{\n \"everything\": false,\n \"views\": [\n {\n \"bank_id\": \"GENODEM1GLS\",\n \"account_id\": \"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0\",\n \"view_id\": \"owner\"\n }\n ],\n \"entitlements\": [\n {\n \"bank_id\": \"GENODEM1GLS\",\n \"role_name\": \"CanGetCustomer\"\n }\n ],\n \"consumer_id\": \"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh\",\n \"email\": \"eveline@example.com\",\n \"valid_from\": \"2020-02-07T08:43:34Z\",\n \"time_to_live\": 3600\n}\nPlease note that only optional fields are: consumer_id, valid_from and time_to_live. \nIn case you omit they the default values are used:\nconsumer_id = consumer of current user\nvalid_from = current time\ntime_to_live = consents.max_time_to_live\n\n \n\n\n\nThis endpoint gets the Consents that the current User created.\n\nAuthentication is Mandatory\n\n\n**URL Parameters:**\n\n* [BANK_ID](/glossary#Bank.bank_id): gh.29.uk\n\n\n\n\n\n**JSON response body fields:**\n\n\n","example_request_body":{"jsonString":"{}"},"success_response_body":{"consents":[{"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945","jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4","status":"INITIATED"}]},"error_response_bodies":["OBP-20001: User not logged in. Authentication is required!","OBP-30001: Bank not found. Please specify a valid value for BANK_ID.","OBP-50000: Unknown Error."],"tags":["Consent","Account Information Service (AIS)","PSD2","New-Style"],"typed_request_body":{"type":"object","properties":{"jsonString":{"type":"string"}}},"typed_success_response_body":{"type":"object","properties":{"consents":{"type":"array","items":{"type":"object","properties":{"consent_id":{"type":"string"},"status":{"type":"string"},"jwt":{"type":"string"}}}}}},"is_featured":false,"special_instructions":"","specified_url":"/obp/v4.0.0/banks/BANK_ID/my/consents","connector_methods":["obp.getBank","obp.getBankAccountsForUser"]},{"operation_id":"OBPv4.0.0-createTransactionRequestSepa","implemented_by":{"version":"OBPv4.0.0","function":"createTransactionRequestSepa"},"request_verb":"POST","request_url":"/obp/v4.0.0/banks/BANK_ID/accounts/ACCOUNT_ID/VIEW_ID/transaction-request-types/SEPA/transaction-requests","summary":"Create Transaction Request (SEPA)","description":"Special instructions for SEPA:
\nWhen using a SEPA Transaction Request, you specify the IBAN of a Counterparty in the body of the request.
\nThe routing details (IBAN) of the counterparty will be forwarded to the core banking system for the transfer.
Initiate a Payment via creating a Transaction Request.
\nIn OBP, a transaction request
may or may not result in a transaction
. However, a transaction
only has one possible state: completed.
A Transaction Request
can have one of several states: INITIATED, NEXT_CHALLENGE_PENDING etc.
Transactions
are modeled on items in a bank statement that represent the movement of money.
Transaction Requests
are requests to move money which may or may not succeed and thus result in a Transaction
.
A Transaction Request
might create a security challenge that needs to be answered before the Transaction Request
proceeds.
\nIn case 1 person needs to answer security challenge we have next flow of state of an transaction request
:
\nINITIATED => COMPLETED
\nIn case n persons needs to answer security challenge we have next flow of state of an transaction request
:
\nINITIATED => NEXT_CHALLENGE_PENDING => ... => NEXT_CHALLENGE_PENDING => COMPLETED
The security challenge is bound to a user i.e. in case of right answer and the user is different than expected one the challenge will fail.
\nRule for calculating number of security challenges:
\nIf product Account attribute REQUIRED_CHALLENGE_ANSWERS=N then create N challenges
\n(one for every user that has a View where permission "can_add_transaction_request_to_any_account"=true)
\nIn case REQUIRED_CHALLENGE_ANSWERS is not defined as an account attribute default value is 1.
Transaction Requests contain charge information giving the client the opportunity to proceed or not (as long as the challenge level is appropriate).
\nTransaction Requests can have one of several Transaction Request Types which expect different bodies. The escaped body is returned in the details key of the GET response.
\nThis provides some commonality and one URL for many different payment or transfer types with enough flexibility to validate them differently.
The payer is set in the URL. Money comes out of the BANK_ID and ACCOUNT_ID specified in the URL.
\nIn sandbox mode, TRANSACTION_REQUEST_TYPE is commonly set to ACCOUNT. See getTransactionRequestTypesSupportedByBank for all supported types.
\nIn sandbox mode, if the amount is less than 1000 EUR (any currency, unless it is set differently on this server), the transaction request will create a transaction without a challenge, else the Transaction Request will be set to INITIALISED and a challenge will need to be answered.
\nIf a challenge is created you must answer it using Answer Transaction Request Challenge before the Transaction is created.
\nYou can transfer between different currency accounts. (new in 2.0.0). The currency in body must match the sending account.
\nThe following static FX rates are available in sandbox mode:
\n\nTransaction Requests satisfy PSD2 requirements thus:
\n1) A transaction can be initiated by a third party application.
\n2) The customer is informed of the charge that will incurred.
\n3) The call supports delegated authentication (OAuth)
\nSee this python code for a complete example of this flow.
\nThere is further documentation here
\nAuthentication is Mandatory
\nURL Parameters:
\nACCOUNT_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\nBANK_ID: gh.29.uk
\nVIEW_ID: owner
\nJSON request body fields:
\n\nJSON response body fields:
\naccount_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
\namount: 10.12
\nbank_id: gh.29.uk
\nchallenges: challenges
\ncounterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
\ncurrency: EUR
\ndate_of_birth: 2018-03-09
\niban: DE91 1000 0000 0123 4567 89
\nlegal_name: Eveline Tripman
\nstart_date: 2020-01-27
\nuser_id: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1
\nvalue: 5987953
\n