This document describes the DiPocket’s implementation of Open Banking dedicated interface and specifies the set of API calls to access information about PSU accounts and receive the confirmation of funds. The DiPocket’s implementation of Open Banking dedicated interface follows the “NextGenPSD2 XS2A Specification” developed by Berlin Group market initiative. The Berlin Group is a pan-European payments interoperability standards and harmonization initiative with the primary objective of defining open and common scheme- and processor-independent standards in the interbanking domain.
The following abbreviations are used for the format:
A | = | Alphabetic characters |
N | = | Numeric characters |
AN | = | Alphanumeric |
B | = | Boolean |
V | = | Variable character field |
D | = | Date field |
Amounts: all money amounts are represented in cents, e.g.:
https://obc.dipocket.site
https://openbanking.dipocket.org
DiPocket requires to sign request messages. The signature shall be included in the HTTP header. The electronic signature has to be based on a qualified certificate for electronic seals. This qualified certificate has to be issued by a qualified trust service provider.
This specification uses on a pure protocol level the following HTTP header in all HTTP requests uniformously for the support of the signature function:
Attribute | Type | Description |
Digest | String |
Is contained if and only if the "Signature" element is contained in the header of the request. The “Digest” Header contains a Hash of the message body. The only hash algorithms that may be used to calculate the digest within the context of this specification are SHA-256 and SHA-512. |
Signature | A signature of the request by the TPP on application level. See table ‘Elements of the "Signature" Header’ and example below. | |
TPP-Signature-Certificate | String | The certificate used for signing the request, in base64 encoding. |
The following table lists the requirements on the "Signature" header:
Element | Type | Condition | Requirement |
keyId | String | Mandatory |
The keyId field is a string that the server can use to look up the component they need to validate the signature. Serial Number of the TPP's certificate included in the "TPP-Signature-Certificate" header of this request. It shall be formatted as follows: keyId="SN=XXX,CA=YYYYYYYYYYYYYYYY"
where “XXX" is the serial number of the certificate in hexadecimal coding given in the TPP-Signature-Certificate Header and "YYYYYYYYYYYYYYYY" is the full Distinguished Name of the Certification Authority having produced this certificate. |
Algorithm | String | Optional | The "Algorithm " parameter is used to specify the digital signature algorithm to use when generating the signature. Valid values for this parameter can be found in the Signature. The algorithm must identify the same algorithm for the signature as presented in the certificate (Element "TPP-Signature-Certificate") of this Request. It must identify SHA-256 or SHA-512 as Hash algorithm. |
Headers | String | Mandatory |
The "Headers" parameter is used to specify the list of HTTP headers included when generating the signature for the message. If specified, it should be a lowercased, quoted list of HTTP header fields, separated by a single space character. If not specified, implementations MUST operate as if the field were specified with a single value, the `Date` header, in the list of HTTP headers. Note that the list order is important, and MUST be specified in the order the HTTP header field-value pairs are concatenated together during signing. Must include:
|
Signature | String | Mandatory |
The "signature" parameter is a base 64 encoded digital signature. The client uses the algorithm
and headers signature parameters to form a canonicalised signing string . This
`signing string is then signed with the key associated with keyId` and the algorithm
corresponding to algorithm . The signature parameter is then set to the base 64
encoding of the signature.
|
Assume a TPP needs to include a signature in the following Request:
POST https://api.testbank.com/v1/payments/sepa-credit-transfers Content-Type: application/json X-Request-ID: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 PSU-IP-Address: 192.168.8.78 PSU-ID: PSU-1234 PSU-User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0 TPP-Redirect-URI:https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb&code_Cchallenge_Mmethod="S256" Date: Sun, 06 Aug 2017 15:02:37 GMT { "instructedAmount": { "currency": "EUR", "amount": "123" }, "debtorAccount": { "iban": "DE2310010010123456789" }, "creditor": { "name": "Merchant123" }, "creditorAccount": { "iban": "DE23100120020123456789" }, "remittanceInformationUnstructured": "Ref Number Merchant" }
So the body would encode to the following String in Base64:
and SHA-256 of the request body is
F9li3V7yu8S/QKVOhWiiiqJBhGMVId8UGZ4sBRVPkok= in Base64 ('17D962DD5EF2BBC4BF40A54E8568A28AA24184631521DF14199E2C05154F9289' in hexadecimal representation)
So using signature algorithm rsa-sha256 the signed request of the TPP will be
POST https://api.testbank.com/v1/payments/sepa-credit-transfers Content-Type: application/json X-Request-ID: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 PSU-IP-Address: 192.168.8.78 PSU-ID: PSU-1234 PSU-User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0 TPP-Redirect-URI: https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb&code_Cchallenge_Mmethod="S256" Date: Sun, 06 Aug 2017 15:02:37 GMT Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM= Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256", headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date", signature="Base64(RSA-SHA256(signing string))" TPP-Signature-Certificate: TPP's_eIDAS_Certificate { "instructedAmount": { "currency": "EUR", "amount": "123" }, "debtorAccount": { "iban": "DE2310010010123456789" }, "creditor": { "name": "Merchant123" }, "creditorAccount": { "iban": "DE23100120020123456789" }, "remittanceInformationUnstructured": "Ref Number Merchant" }
Where signing string is:
digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM= x-request-id: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 psu-id: PSU-1234 tpp-redirect-uri: https://client.example.com/cb&code_Cchallenge_Mmethod="S256" date: Sun, 06 Aug 2017 15:02:37 GMT
This service is intended for the PSU authentication prior to providing the accounts and confirmation of funds services.
POST [host]/v1/consents
Section | Parameter | Type | Nullable | Min | Max | Note |
- | TPP-Redirect-URI | V | NOT | - | ? | Link for positive response https://tpp.calling.resource.com/OK_redirect |
- | TPP-Nok-Redirect-URI | V | NOT | - | ? | Link for negative response https://tpp.calling.resource.com/NOK_redirect |
balances | iban | V | YES | - | 34 | List of IBANs to which third party is asking access to view balance |
transactions | iban | V | YES | - | 34 | List of IBANs to which third party is asking access to view transactions |
- | recurringIndicator | B | NOT | - | - |
true, if the consent is for recurring access to the account data false, if the consent is for one access to the account data |
- | validUntil | D | NOT | - | - |
This parameter defines a “valid until” date for the requested consent. The content is the local ASPSP date in ISODate Format, e.g. 2017-10-30. The consent object to be retrieved by the GET Consent Request will contain the date adjusted by DiPocket to meet the RTS SCA requirements. |
- | frequencyPerDay | N | NOT | - | ? | This field indicates the requested maximum frequency for an access per day. For a one-off access, this attribute is set to "1". |
Parameter | Type | Nullable | Min | Max | Note |
ASPSP-SCA-Approach | V | NO | - | - | Constant value = REDIRECT |
Location | V | YES | - | ? | unique resource per consent created by DiPocket |
consentStatus | V | YES | - | ? |
|
consentId | V | YES | - | ? | Unique Id of created consent |
scaRedirect | V | YES | - | ? | Link to customer authentication page https://api.dipocket.org/authentication/1234-wertiq-983 |
status | V | YES | - | ? | Path to consent status service /v1/consents/1234-wertiq-983/status |
responseCode | N | YES | - | 3 | List of the Response codes |
POST [host]/OpenBankingServices/v1/consents HTTP/1.1 Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=ACF73079EF4B1C91B1A416FB454CD0E9 Content-Type: application/json Tpp-Redirect-Uri: TPP-Redirect-URITEST Tpp-Nok-Redirect-Uri: TPP-Nok-Redirect-URITEST Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM= Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256",headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))" Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp Psu-Ip-Address: 192.168.1.1 Psu-Id: testtppid User-Agent: PostmanRuntime/7.16.3 Accept: */* Host: obc.dipocket.site Accept-Encoding: gzip, deflate Content-Length: 243 Connection: keep-alive { "access": { "balances": [ {"iban": "PL28124069604103380992567879"} ], "transactions": [ { "iban": "PL28124069604103380992567879" } ] }, "recurringIndicator": true, "validUntil": "2020-11-01", "frequencyPerDay": "4" }
HTTP/1.1 201 Created Server: nginx/1.12.2 Date: Wed, 11 Sep 2019 12:14:42 GMT Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive ASPSP-SCA-Approach: REDIRECT Location: /v1/consents/WK48GZFITTYLSC6 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Pragma: no-cache Expires: 0 Strict-Transport-Security: max-age=31536000 ; includeSubDomains X-Frame-Options: DENY { "consentId": "WK48GZFITTYLSC6", "consentStatus": "received", "_links": { "scaRedirect": { "href": "https://api.dipocket.org/authentication/WK48GZFITTYLSC6" } }, "status": { "href": "/v1/consents/WK48GZFITTYLSC6/status" } }
Service returns status of the consent
GET [host]/OpenBankingServices/v1/consents/[consentId]/status
Parameter | Type | Nullable | Min | Max | Note |
Consent-ID | V | NOT | - | ? |
Parameter | Type | Nullable | Min | Max | Note |
consentStatus | V | YES | - | ? |
|
GET [host]/OpenBankingServices/v1/consents/[consentId]/status HTTP/1.1 Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=ACF73079EF4B1C91B1A416FB454CD0E9 Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM= Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256",headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))" Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp Psu-Ip-Address: 192.168.1.1 Psu-Id: testtppid Tpp-Redirect-Uri: TPP-Redirect-URITEST User-Agent: PostmanRuntime/7.16.3 Accept: */* Host: obc.dipocket.site Accept-Encoding: gzip, deflate Connection: keep-alive
HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Wed, 11 Sep 2019 12:19:04 GMT Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Pragma: no-cache Expires: 0 Strict-Transport-Security: max-age=31536000 ; includeSubDomains X-Frame-Options: DENY { "consentStatus": "received" }
Service shows list of IBANs available to access by provided Consent ID and consent details.
GET [host]/OpenBankingServices/v1/consents/[consentId] HTTP/1.1
Parameter | Type | Nullable | Min | Max | Note |
Consent-ID | V | NOT | - | ? |
Section | Parameter | Type | Nullable | Min | Max | Note |
balances | iban | V | YES | - | 34 | List of IBANs to which third party has access to view balance |
transactions | iban | V | YES | - | 34 | List of IBANs to which third party has access to view transactions |
- | recurringIndicator | B | YES | - | - |
|
- | validUntil | D | YES | - | - |
This parameter defines a “valid until” date for the requested consent. The content is the local ASPSP date in ISODate Format, e.g. 2017-10-30. The consent object to be retrieved by the GET Consent Request will contain the date adjusted by DiPocket to meet the RTS SCA requirements. |
- | frequencyPerDay | N | YES | - | ? | This field indicates the requested maximum frequency for an access per day. For a one-off access, this attribute is set to "1". |
- | consentStatus | V | YES | - | ? |
|
- | account | V | YES | - | ? | Path for accounts service /v1/accounts |
GET [host]/OpenBankingServices/v1/consents/[consentId] HTTP/1.1 Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=ACF73079EF4B1C91B1A416FB454CD0E9 Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM= Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256", headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))" Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp Psu-Ip-Address: 192.168.1.1 Psu-Id: testtppid Tpp-Redirect-Uri: TPP-Redirect-URITEST User-Agent: PostmanRuntime/7.16.3 Accept: */* Host: obc.dipocket.site Accept-Encoding: gzip, deflate Connection: keep-alive
HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Wed, 11 Sep 2019 12:22:46 GMT Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Pragma: no-cache Expires: 0 Strict-Transport-Security: max-age=31536000 ; includeSubDomains X-Frame-Options: DENY { "access": { "balances": [ {"iban": "PL29124069604103800000004864"}, {"iban": "PL32124069604100800000004863"} ], "transactions": [ {"iban": "PL32124069604100800000004863"} ] }, "recurringIndicator": true, "validUntil": "2019-10-20", "frequencyPerDay": 5, "consentStatus": "valid", "_links": { "account": { "href": "/v1/accounts" } } }
Service allows to change status of consent to ‘terminatedByTpp’
DELETE [host]/OpenBankingServices/v1/consents/[consentId]
Parameter | Type | Nullable | Min | Max | Note |
Consent-ID | V | NOT | - | ? | Consent ID which should be deleted |
Response HTTP/1.x 204 No Content
DELETE [host]/OpenBankingServices/v1/consents/[consentId] HTTP/1.1 Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=ACF73079EF4B1C91B1A416FB454CD0E9 Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM= Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256", headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))" Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp Psu-Ip-Address: 192.168.1.1 Psu-Id: testtppid Tpp-Redirect-Uri: TPP-Redirect-URITEST User-Agent: PostmanRuntime/7.16.3 Accept: */* Host: obc.dipocket.site Accept-Encoding: gzip, deflate Content-Length: Connection: keep-alive
HTTP/1.1 204 No Content Server: nginx/1.12.2 Date: Wed, 11 Sep 2019 12:29:59 GMT Connection: keep-alive X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Pragma: no-cache Expires: 0 Strict-Transport-Security: max-age=31536000 ; includeSubDomains X-Frame-Options: DENY
Service shows list of accounts which are available by provided consent ID and level of access for each
GET [host]/OpenBankingServices/v1/accounts
Parameter | Type | Nullable | Min | Max | Note |
Consent-ID | V | NOT | - | ? |
Parameter | Type | Nullable | Min | Max | Note |
iban | V | YES | - | 34 | List of IBANs to which third party has access |
currency | A | YES | 3 | 3 | ISO 4217 alphabetic code; Account currency code |
name | V | YES | - | 30 | Account name |
balances | V | YES | - | ? | Path for balances service /v1/accounts/ FR7612345987650123456789014/balances |
transactions | V | YES | - | ? | Path for transactions service /v1/accounts/ FR7612345987650123456789014/transactions |
GET [host]/OpenBankingServices/v1/accounts HTTP/1.1 Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=ACF73079EF4B1C91B1A416FB454CD0E9 Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM= Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256",headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))" Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp Psu-Ip-Address: 192.168.1.1 Psu-Id: testtppid Consent-ID: KNL2UQ7S7JS3MH3 User-Agent: PostmanRuntime/7.16.3 Accept: */* Host: obc.dipocket.site Accept-Encoding: gzip, deflate Connection: keep-alive
HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Wed, 11 Sep 2019 12:32:40 GMT Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Pragma: no-cache Expires: 0 Strict-Transport-Security: max-age=31536000 ; includeSubDomains X-Frame-Options: DENY { "accounts": [ { "iban": "PL32124069604100800000004863", "currency": "PLN", "name": "Main Account", "_links": { "balances": { "href": "/v1/accounts/PL32124069604100800000004863/balances" }, "transactions": { "href": "/v1/accounts/PL32124069604100800000004863/transactions" } } }, { "iban": "PL29124069604103800000004864", "currency": "GBP", "name": "GBP Account", "_links": { "balances": { "href": "/v1/accounts/PL29124069604103800000004864/balances" } } } ] }
Service shows details of account and level of access to it
GET [host]/OpenBankingServices/v1/accounts/[iban]
Parameter | Type | Nullable | Min | Max | Note |
Consent-ID | V | NOT | - | ? | |
iban | V | NOT | - | 34 | IBAN |
Parameter | Type | Nullable | Min | Max | Note |
iban | V | YES | - | 34 | IBAN |
currency | A | YES | 3 | 3 | ISO 4217 alphabetic code; Account currency code |
name | V | YES | - | 30 | Account name |
balances | V | YES | - | ? | Link to balances service /v1/accounts/ FR7612345987650123456789014/balances |
transactions | V | YES | - | ? | Link to transactions service /v1/accounts/ FR7612345987650123456789014/transactions |
GET [host]/OpenBankingServices/v1/accounts/[iban] HTTP/1.1" Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=ACF73079EF4B1C91B1A416FB454CD0E9" Consent-Id: KNL2UQ7S7JS3MH3" Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM=" Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256",headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))"" Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp" Psu-Ip-Address: 192.168.1.1" Psu-Id: testtppid" User-Agent: PostmanRuntime/7.16.3" Accept: */*" Host: obc.dipocket.site" Accept-Encoding: gzip, deflate" Connection: keep-alive"
HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Wed, 11 Sep 2019 12:36:06 GMT Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Pragma: no-cache Expires: 0 Strict-Transport-Security: max-age=31536000 ; includeSubDomains X-Frame-Options: DENY { "account": { "iban": "PL29124069604103800000004864", "currency": "GBP", "name": "GBP Account", "_links": { "balances": { "href": "/v1/accounts/PL29124069604103800000004864/balances" } } }
Service shows available balance of the account
GET [host]/OpenBankingServices/v1/accounts/[iban]/balances
Parameter | Type | Nullable | Min | Max | Note |
Consent-ID | V | NOT | - | ? | |
iban | V | NOT | - | 34 | IBAN |
Parameter | Type | Nullable | Min | Max | Note |
iban | V | NOT | - | 34 | IBAN |
balanceType | V | NOT | - | ? | constant value = interimAvailable The working assumption is that DiPocket will provide only interimAvailable balance type. |
currency | A | NOT | 3 | 3 | ISO 4217 alphabetic code; |
amount | N | NOT | - | 15 | Available amount of the default account in the IBAN currency |
GET [host]/OpenBankingServices/v1/accounts/[iban]/balances HTTP/1.1" Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=ACF73079EF4B1C91B1A416FB454CD0E9" Consent-Id: KNL2UQ7S7JS3MH3"Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM=" Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256",headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))"" Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp" Psu-Ip-Address: 192.168.1.1"Psu-Id: testtppid" User-Agent: PostmanRuntime/7.16.3"Accept: */*" Host: obc.dipocket.site" Accept-Encoding: gzip, deflate"Connection: keep-alive"
HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Wed, 11 Sep 2019 12:38:42 GMT Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate,max-age=0 Pragma: no-cache Expires: 0 Strict-Transport-Security: max-age=31536000 ; includeSubDomains X-Frame-Options: DENY { "account": { "iban": "PL29124069604103800000004864" }, "balances": [ { "balanceType": "interimAvailable", "balanceAmount": { "currency": "GBP", "amount": -22020 } } ] }
Service shows list of the transactions by account for selected period
GET[host]/OpenBankingServices/v1/accounts/[iban]/transactions[query params]
Parameter | Type | Nullable | Min | Max | Note |
Consent-ID | V | NOT | - | ? | |
iban | V | NOT | - | 34 | IBAN |
dateFrom | D | NOT | - | - | yyyy-mm-dd e.g.2017-07-21 |
dateTo | D | YES | - | - | optional (inclusive the data dateTo) of the transaction list, default is "now" if not given |
bookingStatus | V | NOT | - | - | mandatory; the working assumption is that DiPocket will provide only “booked” status. All other bookingStatus values should result in error “400 Bad Request” |
Parameter | Type | Nullable | Min | Max | Note |
iban | V | NOT | - | 34 | IBAN |
purposeCode | V | YES | - | 30 |
|
creditorAccount | V | YES | - | 34 |
IBAN for bank transfer (outcoming) Do not show for other transfer types |
creditorName | V | YES | - | 2000 | "[Merchant_Name]", //if purchase; "First name Last name", //if Dip Transfer// Payee name for bank transfer |
debtorName | V | YES | - | 2000 | "[Merchant_Name]", //if reversal/refund; "Paul Simpson",// if Dip Request Money// Payer name for incoming bank transfer |
currency | A | YES | 3 | 3 | ISO 4217 alphabetic code; Transaction currency |
amount | N | YES | - | 15 | Transaction amount |
bookingDate | D | YES | - | - |
2018-07-09 17:28:40.344849 Europe/Warsaw presentment date/acceptance date |
valueDate | D | YES | - | - | 2018-07-09 17:28:40.344849 Europe/Warsaw authorization date/creation date |
GET [host]/OpenBankingServices/v1/accounts/[iban]/transactions?iban=PL61124069604100380930511879&dateFrom=2017-07-21&dateTo=2019-08-25&bookingStatus=booked HTTP/1.1 Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=12CAEE220DD484712C8679DFCEDD47D3 Consent-Id: E0OH9RTHGPX7I9C Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM= Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256",headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))" Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp Psu-Ip-Address: 192.168.1.1 Psu-Id: testtppid User-Agent: PostmanRuntime/7.16.3 Accept: */* Host: obc.dipocket.site Accept-Encoding: gzip, deflate Connection: keep-alive
HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Wed, 11 Sep 2019 15:56:31 GMT Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate,max-age=0 Pragma: no-cache Expires: 0 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: DENY { "account": { "iban": "PL61124069604100380930511879" }, "transactions": { "booked": [ { "purposeCode": "Top Up", "debtorName": "Inteligo ", "creditorAccount": {}, "transactionAmount": { "currency": "PLN", "amount": 100000 }, "bookingDate": "2019-08-23 13:29:26.943152", "valueDate": "2019-08-23 13:29:19.864146" }, { "purposeCode": "Move My Funds", "debtorName": "KP - Virt", "creditorAccount": {}, "transactionAmount": { "currency": "PLN", "amount": 1000 }, "bookingDate": "2019-08-23 14:59:34.108301", "valueDate": "2019-08-23 14:59:33.667299" }, { "purposeCode": "Move My Funds", "debtorName": "KP - Virt", "creditorAccount": {}, "transactionAmount": { "currency": "PLN", "amount": 1200 }, "bookingDate": "2019-08-23 15:17:04.976048", "valueDate": "2019-08-23 15:17:04.513866" }, { "purposeCode": "Move My Funds", "debtorName": "KP - Virt", "creditorAccount": {}, "transactionAmount": { "currency": "PLN", "amount": 200 }, "bookingDate": "2019-08-23 15:40:26.232925", "valueDate": "2019-08-23 15:40:25.791896" }, { "purposeCode": "Move My Funds", "debtorName": "KP - Virt", "creditorAccount": {}, "transactionAmount": { "currency": "PLN", "amount": 1000 }, "bookingDate": "2019-08-23 15:44:28.40484", "valueDate": "2019-08-23 15:44:27.949699" }, { "purposeCode": "Move My Funds", "creditorName": "KP - Virt", "creditorAccount": {}, "transactionAmount": { "currency": "PLN", "amount": -10000 }, "bookingDate": "2019-08-23 15:46:35.819024", "valueDate": "2019-08-23 15: 46:35.501909" }, { "purposeCode": "DiP transfer", "creditorName": "Ted Red", "creditorAccount": {}, "transactionAmount": { "currency": "PLN", "amount": -5000 }, "bookingDate": "2019-08-23 13:42:29.103333", "valueDate": "2019-08-23 13:42:28.764195" } ] } }
Service checks if balance of account enough to cover specified amount
POST [host]/OpenBankingServices/v1/funds-confirmations
Parameter | Type | Nullable | Min | Max | Note |
Consent-ID | V | NOT | - | ? | |
iban | V | NOT | - | 34 | IBAN |
currency | A | NOT | 3 | 3 | ISO 4217 alphabetic code; Account currency only |
amount | N | NOT | - | 15 | Amount in account currency |
Parameter | Type | Nullable | Min | Max | Note |
fundsAvailable | B | NOT | - | - |
|
POST [host]/OpenBankingServices/v1/funds-confirmations HTTP/1.1 Cookie: JSESSIONID=DEBBBD061A365E2A70505AFB5CE7F1A7; Cookie_1=value; JSESSIONID=ACF73079EF4B1C91B1A416FB454CD0E9 Consent-Id: KNL2UQ7S7JS3MH3 Content-Type: application/json Digest: SHA-256=ZuYiOtZkVxhjWmwTO5lOpsPevUNMezvk6dfb6fVhebM= Signature: keyId="SN=9FA1,CA=D-TRUST%20CA%202-1%202015,O=DTrust%20GmbH,C=D-E",algorithm="rsa-sha256",headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))" Tpp-Signature-Certificate: MIIElDCCA3ygAwIBAgIJAIX2W+2EDxehMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAkZSMQswCQYDVQQIEwJGUjETMBEGA1UEChMKQ2VydEV1cm9wZTETMBEGA1UEAxMKQ2VydEV1cm9wZTAeFw0xOTAyMTkxNTIyMDdaFw0yMDAyMTkxNTIyMDdaMIGFMQswCQYDVQQGEwJHQjErMCkGA1UECgwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDErMCkGA1UEAwwiS29uc2VudHVzIFBheW1lbnQgU2VydmljZXMgTGltaXRlZDEcMBoGA1UEYQwTUFNER0ItRkNBLWt0LTQ4NDM0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoLgXDQ+nditYb2tTwxtDnDk5sOPIJyHgeN6omgcOmbmad9+b9PPknWcCdNuyruv0keIv5A8592j8IxIzF3RaNH0OE+SLzFMuAz2xRbA2BrD6q1XPcML5H4lkmEuYGuH+Xtv9zIaTtPQxapQmruUPDHD3+9MjmyyHpkyrRnqQ2JG+df7CEeD9eN53DU7B4u2MgXiibQcyWk2dk+KpGSIssOZA5+aetWs29aD6BJUUOt492UeLIMZAtlGZzF+I5ASMiXzL4wnUSOOLmSfTIsSVm7ChebZe6b7PuY/k3kBw2rrTNhHGWqYPpyzkri9lPhtICe/12r8Mze3UIOZ3QHghMCAwEAAaOCAUUwggFBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB2DbT6Y4KSVWTsDRIaIet6L0XCCMB8GA1UdIwQYMBaAFNINLe/phgwefLhOutKprennyA1PMAkGA1UdEQQCMAAwUgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS5jcmwwgYcGCCsGAQUFBwEBBHsweTAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Aua29uc2VudHVzLmNvbTBQBggrBgEFBQcwAoZEaHR0cHM6Ly9zMy5ldS13ZXN0LTIuYW1hem9uYXdzLmNvbS9rLWNlcnRzL2t0LXN1Y2Nlc3Mtam91cm5leS1jYS5kZXIwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQAFrsonr/NNN2Hl9EBB+aAhB3exNnDXCOM8eqoDnwTA3A5Nyj5gXq2cy5s8S2CjAodj9yG3ZQdAxN/MVlZ909cmZC87M87KGw0x1LkfF5M65nMz5ynx6NeCASO0uqNkt4yKrT6EDuq7E8hoFteYQ6z4xMKX3NZ2KzIE8EWxuHOYPSjEbCeYea4ACTThOlPeFgWFMTs/oRXMkDRTcFcWthEaUKiFRJsqGMKZNp++q9gOAcB84H6+PekbieZKHxNEXTiFIwKMhCQ/FI8kwhdJxq8iBRc++fCkZ/HfS0ezYQoUaCfGckZpS6HK8TKP/HHNe/TCxS1xFVkO1k8cNK5ZFjQp Psu-Ip-Address: 192.168.1.1 Psu-Id: testtppid User-Agent: PostmanRuntime/7.16.3 Accept: */* Host: obc.dipocket.site Accept-Encoding: gzip, deflate Content-Length: 147 Connection: keep-alive { "account": { "iban": "PL32124069604100800000004863" }, "instructedAmount": { "amount": "140", "currency": "PLN" } }
HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Wed, 11 Sep 2019 12:42:30 GMT Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Pragma: no-cache Expires: 0 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: DENY { "fundsAvailable": true }
Table describes how to count data access attempts
Access attempts decrease | |
Get Consent Status Request | - |
Get Consent Request | - |
Delete an Account Information Consent Object | - |
Read Account List | - |
Read Account Details | - |
Read Balance | + |
Read Transaction List | + |
Confirmation of Funds Request | + |
Request returns error | - |
200 OK | PUT, GET Response Codes |
204 No Content | DELETE response code where a consent resource was successfully deleted. The code indicates that the request was performed, but no content was returned. |
400 Bad Request | Validation error occurred. This code will cover malformed syntax in request or incorrect data in payload. |
401 Unauthorized | The TPP or the PSU is not correctly authorized to perform the request. Retry the request with correct authentication information. |
404 Not found | Returned if the resource or endpoint that was referenced in the path does not exist or cannot be referenced by the TPP or the PSU. |
405 Method Not Allowed | This code is only sent when the HTTP method (POST, DELETE, GET etc.) is not supported on a specific endpoint. It has nothing to do with the consent or account information data model. |
415 Unsupported Media Type | The TPP has supplied a media type which the ASPSP does not support. |
429 Too Many Requests | The TPP has exceeded the number of requests allowed by the consent or by the RTS. |
500 Internal Server Error | Internal server error occurred. |
503 Service Unavailable | The ASPSP server is currently unavailable. |