Open banking — DiPocket
API Specification

Overview

This document specifies the basic set of API calls to access information about Users accounts by third parties.

API definitions

The following abbreviations are used for the format:

A = Alphabetic characters
N = Numeric characters
AN = Alphanumeric
B = Boolean
V = Variable character field
D = Date field

Conventions

Amounts: all money amounts are represented in cents, e.g.:

Test host

https://lvov.csltd.com.ua

Production host

https://openbanking.dipocket.org

Signing

DiPocket requires to sign request messages. The signature shall be included in the HTTP header. The electronic signature has to be based on a qualified certificate for electronic seals. This qualified certificate has to be issued by a qualified trust service provider.

This specification uses on a pure protocol level the following HTTP header in all HTTP requests uniformously for the support of the signature function:

Request Headers

Attribute Type Description
Digest String

Is contained if and only if the "Signature" element is contained in the header of the request.

The “Digest” Header contains a Hash of the message body. The only hash algorithms that may be used to calculate the digest within the context of this specification are SHA-256 and SHA-512.

Signature A signature of the request by the TPP on application level. See table ‘Elements of the "Signature" Header’ and example below.
TPP-Signature-Certificate String The certificate used for signing the request, in base64 encoding.

The following table lists the requirements on the "Signature" header:

Elements of the "Signature" Header

Element Type Condition Requirement
keyId String Mandatory

The keyId field is a string that the server can use to look up the component they need to validate the signature.

Serial Number of the TPP's certificate included in the "TPP-Signature-Certificate" header of this request. It shall be formatted as follows:

keyId="SN=XXX,CA=YYYYYYYYYYYYYYYY"

where “XXX" is the serial number of the certificate in hexadecimal coding given in the TPP-Signature-Certificate Header and "YYYYYYYYYYYYYYYY" is the full Distinguished Name of the Certification Authority having produced this certificate.

Algorithm String Optional The "Algorithm " parameter is used to specify the digital signature algorithm to use when generating the signature. Valid values for this parameter can be found in the Signature. The algorithm must identify the same algorithm for the signature as presented in the certificate (Element "TPP-Signature-Certificate") of this Request. It must identify SHA-256 or SHA-512 as Hash algorithm.
Headers String Mandatory

The "Headers" parameter is used to specify the list of HTTP headers included when generating the signature for the message. If specified, it should be a lowercased, quoted list of

HTTP header fields, separated by a single space character.

If not specified, implementations MUST operate as if the field were specified with a single value, the `Date` header, in the list of HTTP headers.

Note that the list order is important, and MUST be specified in the order the HTTP header field-value pairs are concatenated together during signing.

Must include:

  • "Digest",
  • "X-Request-ID",
  • "PSU-ID" (Client ID of the PSU. If and only if "PSU-ID" is included as a header of the HTTP-Request)
  • "PSU-Corporate-ID" (Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. If and only if "PSU Corporate-ID" is included as a header of the HTTP-Request),
  • "Date"
  • "TPP-Redirect-URI"(if and only if "TPP-Redirect-URI" is included as a header of the HTTP-Request).
  • No other entries may be included.
Signature String Mandatory The "signature" parameter is a base 64 encoded digital signature. The client uses the algorithm and headers signature parameters to form a canonicalised signing string. This `signing string is then signed with the key associated with keyId` and the algorithm corresponding to algorithm. The signature parameter is then set to the base 64 encoding of the signature.

Example

Assume a TPP needs to include a signature in the following Request:

POST https://api.testbank.com/v1/payments/sepa-credit-transfers
Content-Type: application/json
X-Request-ID: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721
PSU-IP-Address: 192.168.8.78
PSU-ID: PSU-1234
PSU-User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0
TPP-Redirect-URI:https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb&code_Cchallenge_Mmethod="S256"
Date: Sun, 06 Aug 2017 15:02:37 GMT

{
	"instructedAmount": {
		"currency": "EUR", "amount": "123"
	},
	"debtorAccount": {
		"iban": "DE2310010010123456789"
	},
	"creditor": {
		"name": "Merchant123"
	},
	"creditorAccount": {
		"iban": "DE23100120020123456789"
	},
	"remittanceInformationUnstructured": "Ref Number Merchant"
}

So the body would encode to the following String in Base64:

eyAgICANCiAgICJpbnN0cnVjdGVkQW1vdW50IjogeyJjdXJyZW5jeSI6ICJFVVIiLCAiYW1vdW50IjogIjEyMyJ9LA0KICAgImRlYnRvckFjY291bnQiOiB7ImliYW4iOiAiREUyMzEwMDEwMDEwMTIzNDU2Nzg5In0sDQogICAiY3JlZGl0b3IiOiB7Im5hbWUiOiAiTWVyY2hhbnQxMjMifSwNCiAgICJjcmVkaXRvckFjY291bnQiOiB7ImliYW4iOiAiREUyMzEwMDEyMDAyMDEyMzQ1Njc4OSJ9LA0KICAgInJlbWl0dGFuY2VJbmZvcm1hdGlvblVuc3RydWN0dXJlZCI6ICJSZWYgTnVtYmVyIE1lcmNoYW50Ig0KfQ==

and SHA-256 of the request body is

F9li3V7yu8S/QKVOhWiiiqJBhGMVId8UGZ4sBRVPkok= in Base64
('17D962DD5EF2BBC4BF40A54E8568A28AA24184631521DF14199E2C05154F9289' in hexadecimal representation)

So using signature algorithm rsa-sha256 the signed request of the TPP will be

POST https://api.testbank.com/v1/payments/sepa-credit-transfers
Content-Type: application/json
X-Request-ID: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721
PSU-IP-Address: 192.168.8.78
PSU-ID: PSU-1234
PSU-User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0)
Gecko/20100101 Firefox/54.0
TPP-Redirect-URI: https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb&code_Cchallenge_Mmethod="S256"
Date: Sun, 06 Aug 2017 15:02:37 GMT
Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM=
Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256",
headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",
signature="Base64(RSA-SHA256(signing string))"
TPP-Signature-Certificate: TPP's_eIDAS_Certificate

{
	"instructedAmount": {
		"currency": "EUR", "amount": "123"
	},
	"debtorAccount": {
		"iban": "DE2310010010123456789"
	},
	"creditor": {
		"name": "Merchant123"
	},
	"creditorAccount": {
		"iban": "DE23100120020123456789"
	},
	"remittanceInformationUnstructured": "Ref Number Merchant"
}

Where signing string is:

digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM=
x-request-id: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721
psu-id: PSU-1234
tpp-redirect-uri: https://client.example.com/cb&code_Cchallenge_Mmethod="S256"
date: Sun, 06 Aug 2017 15:02:37 GMT

Consent Request on Dedicated Accounts

Service allows to obtain consent for User’s data access

POST [host]/v1/consents

Request

Section Parameter Type Nullable Min Max Note
- TPP-Redirect-URI V NOT - ? Link for positive response https://tpp.calling.resource.com/OK_redirect
- TPP-Nok-Redirect-URI V NOT - ? Link for negative response https://tpp.calling.resource.com/NOK_redirect
balances iban V YES - 34 List of IBANs to which third party is asking access to view balance
transactions iban V YES - 34 List of IBANs to which third party is asking access to view transactions
- recurringIndicator B NOT - -

true, if the consent is for recurring access to the account data

false, if the consent is for one access to the account data

- validUntil D NOT - -

This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISODate Format, e.g. 2017-10-30.

If a maximal available date is requested, a date in far future is to be used: "9999-12-31". The consent object to be retrieved by the GET Consent Request will contain the date adjusted by DiPocket. Working assumption is that DiPocket should cut the requested time to 1 year max.

- frequencyPerDay N NOT - ? This field indicates the requested maximum frequency for an access per day. For a one-off access, this attribute is set to "1".

Response

Parameter Type Nullable Min Max Note
ASPSP-SCA-Approach V NO - - Constant value = REDIRECT
Location V YES - ? unique resource per consent created by DiPocket
consentStatus V YES - ?

received - The consent data have been received and are technically correct. The data is not authorised yet.

rejected - The consent data have been rejected e.g. since no successful authorisation has taken place.

valid - The consent is accepted and valid for GET account data calls and others as specified in the consent object.

revokedByPsu - The consent has been revoked by the PSU towards the ASPSP.

expired - The consent expired.

terminatedByTpp - The corresponding TPP has terminated the consent by applying the DELETE method to the consent resource.

consentId V YES - ? Unique Id of created consent
scaRedirect V YES - ? Link to customer authentication page https://api.dipocket.org/authentication/1234-wertiq-983
status V YES - ? Path to consent status service /v1/consents/1234-wertiq-983/status
responseCode N YES - 3 List of the Response codes

Request

POST [host]/OpenBankingServices/v1/consents HTTP/1.1
Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=ACF73079EF4B1C91B1A416FB454CD0E9
Content-Type: application/json
Tpp-Redirect-Uri: TPP-Redirect-URITEST
Tpp-Nok-Redirect-Uri: TPP-Nok-Redirect-URITEST
Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM=
Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256",headers="Digest
X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))"
Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp
Psu-Ip-Address: 192.168.1.1
Psu-Id: testtppid
User-Agent: PostmanRuntime/7.16.3
Accept: */*
Host: lvov.csltd.com.ua
Accept-Encoding: gzip, deflate
Content-Length: 243
Connection: keep-alive

{
    "access": {
        "balances": [
            {"iban": "PL28124069604103380992567879"}
        ],
        "transactions": [
            { "iban": "PL28124069604103380992567879" }
        ]
    },
    "recurringIndicator": true,
    "validUntil": "2020-11-01",
    "frequencyPerDay": "4"
}
    

Response

HTTP/1.1 201 Created
Server: nginx/1.12.2
Date: Wed, 11 Sep 2019 12:14:42 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
ASPSP-SCA-Approach: REDIRECT
Location: /v1/consents/WK48GZFITTYLSC6
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY

{
    "consentId": "WK48GZFITTYLSC6",
    "consentStatus": "received",
    "_links": {
            "scaRedirect": {
            "href": "https://api.dipocket.org/authentication/WK48GZFITTYLSC6"
        }
    },
    "status": {
        "href": "/v1/consents/WK48GZFITTYLSC6/status"
    }
}
    

Get Consent Status Request

Service returns status of the consent

GET [host]/OpenBankingServices/v1/consents/[consentId]/status

Request

Parameter Type Nullable Min Max Note
Consent-ID V NOT - ?

Response

Parameter Type Nullable Min Max Note
consentStatus V YES - ?

received - The consent data have been received and are technically correct. The data is not authorised yet.

rejected - The consent data have been rejected e.g. since no successful authorisation has taken place.

valid - The consent is accepted and valid for GET account data calls and others as specified in the consent object.

revokedByPsu - The consent has been revoked by the PSU towards the ASPSP.

expired - The consent expired.

terminatedByTpp - The corresponding TPP has terminated the consent by applying the DELETE method to the consent resource.

Request

GET [host]/OpenBankingServices/v1/consents/[consentId]/status HTTP/1.1
Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=ACF73079EF4B1C91B1A416FB454CD0E9
Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM=
Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256",headers="Digest
X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))"
Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp
Psu-Ip-Address: 192.168.1.1
Psu-Id: testtppid
Tpp-Redirect-Uri: TPP-Redirect-URITEST
User-Agent: PostmanRuntime/7.16.3
Accept: */*
Host: lvov.csltd.com.ua
Accept-Encoding: gzip, deflate
Connection: keep-alive
    

Response

HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 11 Sep 2019 12:19:04 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY

{
    "consentStatus": "received"
}

Get Consent Request

Service shows list of IBANs available to access by provided Consent ID and consent details.

GET [host]/OpenBankingServices/v1/consents/[consentId] HTTP/1.1

Request

Parameter Type Nullable Min Max Note
Consent-ID V NOT - ?

Response

Section Parameter Type Nullable Min Max Note
balances iban V YES - 34 List of IBANs to which third party has access to view balance
transactions iban V YES - 34 List of IBANs to which third party has access to view transactions
- recurringIndicator B YES - -

true, if the consent is for recurring access to the account data

false, if the consent is for one access to the account data

- validUntil D YES - -

This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISODate Format, e.g. 2017-10-30.

If a maximal available date is requested, a date in far future is to be used: "9999-12-31". The consent object to be retrieved by the GET Consent Request will contain the date adjusted by DiPocket. Working assumption is that DiPocket should cut the requested time to 1 year max.

- frequencyPerDay N YES - ? This field indicates the requested maximum frequency for an access per day. For a one-off access, this attribute is set to "1".
- consentStatus V YES - ?

received - The consent data have been received and are technically correct. The data is not authorised yet.

rejected - The consent data have been rejected e.g. since no successful authorisation has taken place.

valid - The consent is accepted and valid for GET account data calls and others as specified in the consent object.

revokedByPsu - The consent has been revoked by the PSU towards the ASPSP.

expired - The consent expired.

terminatedByTpp - The corresponding TPP has terminated the consent by applying the DELETE method to the consent resource.

- account V YES - ? Path for accounts service /v1/accounts

Example

GET [host]/OpenBankingServices/v1/consents/[consentId] HTTP/1.1
Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=ACF73079EF4B1C91B1A416FB454CD0E9
Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM=
Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256",
headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))"
Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp
Psu-Ip-Address: 192.168.1.1
Psu-Id: testtppid
Tpp-Redirect-Uri: TPP-Redirect-URITEST
User-Agent: PostmanRuntime/7.16.3
Accept: */*
Host: lvov.csltd.com.ua
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response

HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 11 Sep 2019 12:22:46 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY

{
	"access": {
		"balances": [
			{"iban": "PL29124069604103800000004864"},
			{"iban": "PL32124069604100800000004863"}
		],
		"transactions": [
			{"iban": "PL32124069604100800000004863"}
		]
	},
	"recurringIndicator": true,
	"validUntil": "2019-10-20",
	"frequencyPerDay": 5,
	"consentStatus": "valid",
	"_links": {
		"account": {
			"href": "/v1/accounts"
		}
	}
}

Delete an Account Information Consent Object

Service allows to change status of consent to ‘terminatedByTpp’

DELETE [host]/OpenBankingServices/v1/consents/[consentId]

Request

Parameter Type Nullable Min Max Note
Consent-ID V NOT - ? Consent ID which should be deleted

Response HTTP/1.x 204 No Content

Example

Request

DELETE [host]/OpenBankingServices/v1/consents/[consentId] HTTP/1.1
Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=ACF73079EF4B1C91B1A416FB454CD0E9
Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM=
Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256",
headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))"
Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp
Psu-Ip-Address: 192.168.1.1
Psu-Id: testtppid
Tpp-Redirect-Uri: TPP-Redirect-URITEST
User-Agent: PostmanRuntime/7.16.3
Accept: */*
Host: lvov.csltd.com.ua
Accept-Encoding: gzip, deflate
Content-Length:
Connection: keep-alive

Response

HTTP/1.1 204 No Content
Server: nginx/1.12.2
Date: Wed, 11 Sep 2019 12:29:59 GMT
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY

Read Account List

Service shows list of accounts which are available by provided consent ID and level of access for each

GET [host]/OpenBankingServices/v1/accounts

Request

Parameter Type Nullable Min Max Note
Consent-ID V NOT - ?

Response

Parameter Type Nullable Min Max Note
iban V YES - 34 List of IBANs to which third party has access
currency A YES 3 3 ISO 4217 alphabetic code; Account currency code
name V YES - 30 Account name
balances V YES - ? Path for balances service /v1/accounts/ FR7612345987650123456789014/balances
transactions V YES - ? Path for transactions service /v1/accounts/ FR7612345987650123456789014/transactions

Request

GET [host]/OpenBankingServices/v1/accounts HTTP/1.1
Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=ACF73079EF4B1C91B1A416FB454CD0E9
Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM=
Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256",headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))"
Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp
Psu-Ip-Address: 192.168.1.1
Psu-Id: testtppid
Consent-ID: KNL2UQ7S7JS3MH3
User-Agent: PostmanRuntime/7.16.3
Accept: */*
Host: lvov.csltd.com.ua
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response

HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 11 Sep 2019 12:32:40 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY

{
	"accounts": [
		{
			"iban": "PL32124069604100800000004863",
			"currency": "PLN",
			"name": "Main Account",
			"_links": {
				"balances": {
					"href": "/v1/accounts/PL32124069604100800000004863/balances"
				},
				"transactions": {
					"href": "/v1/accounts/PL32124069604100800000004863/transactions"
				}
			}
		},
		{
			"iban": "PL29124069604103800000004864",
			"currency": "GBP",
			"name": "GBP Account",
			"_links": {
				"balances": {
					"href": "/v1/accounts/PL29124069604103800000004864/balances"
				}
			}
		}
	]
}

Read Account Details

Service shows details of account and level of access to it

GET [host]/OpenBankingServices/v1/accounts/[iban]

Request

Parameter Type Nullable Min Max Note
Consent-ID V NOT - ?
iban V NOT - 34 IBAN

Response

Parameter Type Nullable Min Max Note
iban V YES - 34 IBAN
currency A YES 3 3 ISO 4217 alphabetic code; Account currency code
name V YES - 30 Account name
balances V YES - ? Link to balances service /v1/accounts/ FR7612345987650123456789014/balances
transactions V YES - ? Link to transactions service /v1/accounts/ FR7612345987650123456789014/transactions

Request

GET [host]/OpenBankingServices/v1/accounts/[iban] HTTP/1.1"
Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=ACF73079EF4B1C91B1A416FB454CD0E9"
Consent-Id: KNL2UQ7S7JS3MH3"
Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM="
Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256",headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))""
Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp"
Psu-Ip-Address: 192.168.1.1"
Psu-Id: testtppid"
User-Agent: PostmanRuntime/7.16.3"
Accept: */*"
Host: lvov.csltd.com.ua"
Accept-Encoding: gzip, deflate"
Connection: keep-alive"
    

Response

HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 11 Sep 2019 12:36:06 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
{
    "account": {
    "iban": "PL29124069604103800000004864",
    "currency": "GBP",
    "name": "GBP Account",
    "_links": {
        "balances": {
            "href": "/v1/accounts/PL29124069604103800000004864/balances"
            }
        }
    }

Read Balance

Service shows available balance of the account

GET [host]/OpenBankingServices/v1/accounts/[iban]/balances

Request

Parameter Type Nullable Min Max Note
Consent-ID V NOT - ?
iban V NOT - 34 IBAN

Response

Parameter Type Nullable Min Max Note
iban V NOT - 34 IBAN
balanceType V NOT - ? constant value = interimAvailable The working assumption is that DiPocket will provide only interimAvailable balance type.
currency A NOT 3 3 ISO 4217 alphabetic code;
amount N NOT - 15 Available amount of the default account in the IBAN currency

Example

Request

GET [host]/OpenBankingServices/v1/accounts/[iban]/balances HTTP/1.1"
Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=ACF73079EF4B1C91B1A416FB454CD0E9"
Consent-Id: KNL2UQ7S7JS3MH3"Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM="
Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256",headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))""
Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp"
Psu-Ip-Address: 192.168.1.1"Psu-Id: testtppid"
User-Agent: PostmanRuntime/7.16.3"Accept: */*"
Host: lvov.csltd.com.ua"
Accept-Encoding: gzip, deflate"Connection: keep-alive"
    

Response

HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 11 Sep 2019 12:38:42 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate,max-age=0
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY

{
	"account": {
		"iban": "PL29124069604103800000004864"
	},
	"balances": [
		{
			"balanceType": "interimAvailable",
			"balanceAmount":
				{
					"currency": "GBP",
					"amount": -22020
				}
		}
	]
}

Read Transaction List

Service shows list of the transactions by account for selected period

GET[host]/OpenBankingServices/v1/accounts/[iban]/transactions[query params]

Request

Parameter Type Nullable Min Max Note
Consent-ID V NOT - ?
iban V NOT - 34 IBAN
dateFrom D NOT - - yyyy-mm-dd e.g.2017-07-21
dateTo D YES - - optional (inclusive the data dateTo) of the transaction list, default is "now" if not given
bookingStatus V NOT - - mandatory; the working assumption is that DiPocket will provide only “booked” status. All other bookingStatus values should result in error “400 Bad Request”

Response

Parameter Type Nullable Min Max Note
iban V NOT - 34 IBAN
purposeCode V YES - 30
  • Bank transfer
  • Contactless Purchase
  • In-store Purchase
  • Cash withdrawal
  • Contactless phone
  • DiP transfer
  • Face to face
  • Online Purchase
  • Move My Funds
  • Fee
  • Payment transaction
  • Balance Check at ATM
  • Pin Change in ATM
creditorAccount V YES - 34

IBAN for bank transfer (outcoming)

Do not show for other transfer types

creditorName V YES - 2000 "[Merchant_Name]", //if purchase; "First name Last name", //if Dip Transfer// Payee name for bank transfer
debtorName V YES - 2000 "[Merchant_Name]", //if reversal/refund; "Paul Simpson",// if Dip Request Money// Payer name for incoming bank transfer
currency A YES 3 3 ISO 4217 alphabetic code; Transaction currency
amount N YES - 15 Transaction amount
bookingDate D YES - -

2018-07-09 17:28:40.344849 Europe/Warsaw

presentment date/acceptance date

valueDate D YES - - 2018-07-09 17:28:40.344849 Europe/Warsaw authorization date/creation date

Request

GET [host]/OpenBankingServices/v1/accounts/[iban]/transactions?iban=PL61124069604100380930511879&dateFrom=2017-07-21&dateTo=2019-08-25&bookingStatus=booked HTTP/1.1
Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=12CAEE220DD484712C8679DFCEDD47D3
Consent-Id: E0OH9RTHGPX7I9C
Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM=
Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256",headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))"
Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp
Psu-Ip-Address: 192.168.1.1
Psu-Id: testtppid
User-Agent: PostmanRuntime/7.16.3
Accept: */*
Host: lvov.csltd.com.ua
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response

HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 11 Sep 2019 15:56:31 GMT
Content-Type:
application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store,
max-age=0, must-revalidate
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate,max-age=0
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: DENY

{
	"account": {
		"iban": "PL61124069604100380930511879"
	},
	"transactions": {
		"booked": [
			{
				"purposeCode": "Top Up",
				"debtorName": "Inteligo ",
				"creditorAccount": {},
				"transactionAmount":
					{
						"currency": "PLN",
						"amount": 100000
					},
				"bookingDate": "2019-08-23 13:29:26.943152",
				"valueDate": "2019-08-23 13:29:19.864146"
			},
			{
				"purposeCode": "Move My Funds",
				"debtorName": "KP - Virt",
				"creditorAccount": {},
				"transactionAmount": {
					"currency": "PLN",
					"amount": 1000
				},
				"bookingDate": "2019-08-23 14:59:34.108301",
				"valueDate": "2019-08-23 14:59:33.667299"
			},
			{
				"purposeCode":
					"Move My Funds",
				"debtorName": "KP - Virt",
				"creditorAccount": {},
				"transactionAmount": {
					"currency": "PLN",
					"amount": 1200
				},
				"bookingDate": "2019-08-23 15:17:04.976048",
				"valueDate": "2019-08-23 15:17:04.513866"
			},
			{
				"purposeCode": "Move My Funds",
				"debtorName": "KP - Virt",
				"creditorAccount": {},
				"transactionAmount":
					{
						"currency": "PLN",
						"amount": 200
					},
				"bookingDate": "2019-08-23 15:40:26.232925",
				"valueDate": "2019-08-23 15:40:25.791896"
			},
			{
				"purposeCode": "Move My Funds",
				"debtorName": "KP - Virt",
				"creditorAccount": {},
				"transactionAmount": {
					"currency": "PLN",
					"amount": 1000
				},
				"bookingDate": "2019-08-23 15:44:28.40484",
				"valueDate": "2019-08-23 15:44:27.949699"
			},
			{
				"purposeCode": "Move My Funds",
				"creditorName": "KP - Virt",
				"creditorAccount": {},
				"transactionAmount": {
					"currency": "PLN",
					"amount": -10000
				},
				"bookingDate": "2019-08-23 15:46:35.819024",
				"valueDate": "2019-08-23 15: 46:35.501909"
			},
			{
				"purposeCode": "DiP transfer",
				"creditorName": "Ted Red",
				"creditorAccount": {},
				"transactionAmount":
					{
						"currency": "PLN",
						"amount": -5000
					},
				"bookingDate": "2019-08-23 13:42:29.103333",
				"valueDate":
					"2019-08-23 13:42:28.764195"
			}
		]
	}
}

Confirmation of Funds Request

Service checks if balance of account enough to cover specified amount

POST [host]/OpenBankingServices/v1/funds-confirmations

Request

Parameter Type Nullable Min Max Note
Consent-ID V NOT - ?
iban V NOT - 34 IBAN
currency A NOT 3 3 ISO 4217 alphabetic code; Account currency only
amount N NOT - 15 Amount in account currency

Response

Parameter Type Nullable Min Max Note
fundsAvailable B NOT - -

true -amount is smaller or equal to available amount on default account in requested currency

false - amount is bigger than available amount of default account in requested currency

Example

POST [host]/OpenBankingServices/v1/funds-confirmations HTTP/1.1
Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=ACF73079EF4B1C91B1A416FB454CD0E9
Consent-Id: KNL2UQ7S7JS3MH3
Content-Type: application/json
Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM=
Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256",headers="Digest
X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))"
Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp
Psu-Ip-Address: 192.168.1.1
Psu-Id: testtppid
User-Agent: PostmanRuntime/7.16.3
Accept: */*
Host: lvov.csltd.com.ua
Accept-Encoding: gzip, deflate
Content-Length: 147
Connection: keep-alive

{
	"account": {
		"iban": "PL32124069604100800000004863"
	},
	"instructedAmount":
		{
			"amount": "140",
			"currency": "PLN"
		}
}

Response

HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 11 Sep 2019 12:42:30 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: DENY

{
    "fundsAvailable": true
}

Consent utilization

Table describes how to count data access attempts

Access attempts decrease
Get Consent Status Request -
Get Consent Request -
Delete an Account Information Consent Object -
Read Account List -
Read Account Details -
Read Balance +
Read Transaction List +
Confirmation of Funds Request +
Request returns error -