The NextGenPSD2 Framework Version 1.2 offers a modern, open, harmonised and interoperable set of Application Programming Interfaces (APIs) as the safest and most efficient way to provide data securely. The NextGenPSD2 Framework reduces XS2A complexity and costs, addresses the problem of multiple competing standards in Europe and, aligned with the goals of the Euro Retail Payments Board, enables European banking customers to benefit from innovative products and services ('Banking as a Service') by granting TPPs safe and secure (authenticated and authorised) access to their bank accounts and financial data.
Futhermore this API definition contains only a subset of the methods, the ones which are mandatory or which are applicable in the BT ecosystem.
Some General Remarks Related to this version of the OpenAPI Specification:
- This API definition is based on the Implementation Guidelines of the Berlin Group PSD2 API. It is not an replacement in any sense. The main specification is (at the moment) allways the Implementation Guidelines of the Berlin Group PSD2 API.
- This API definition contains the REST-API for requests from the PIISP to the ASPSP.
- This API definition contains the messages for all different approaches defined in the Implementation Guidelines. *
Changelog:
Version 1.0.3
- Added POST Consent, GET Consent Details, GET Consent Status, DELETE Consent APIs
- tppMessages error parameter is array instead of object
- various minor corrections and additions
production
development
https://api.apistorebt.ro/bt/sb
Paths
/v2/funds-confirmations
post /v2/funds-confirmations
Confirmation of Funds Service
Confirmation of Funds Request
Creates a confirmation of funds request at the ASPSP. Checks whether a specific amount is available at point of time of the request on an account linked to a given tuple card issuer(TPP)/card number, or addressed by IBAN and TPP respectively
X-Request-ID
Required in header
string / uuid
ID of the request, unique to the call, as determined by the initiating party.
body
Required in body
object
Request body for a confirmation of funds request.
Consent-ID
Required in header
string
This contains the consentId of the related PIISP consent, which was performed prior to this call.
Authorization
Required in header
string
This header should be in the form "Bearer Token", where Token is returned from the call to OAuth2 Token endpoint.
Content-Type
Optional in header
string
application/json
Accept
Optional in header
string
application/json
200
400
Bad Request
401
Unauthorized
403
Forbidden
404
Not found
405
Method Not Allowed
406
Not Acceptable
408
Request Timeout
415
Unsupported Media Type
429
Too Many Requests
503
Service Unavailable
default
Internal Server Error
Example Request
Example Response
POST https://api.apistorebt.ro/bt/sb/bt-psd2-piisp/v2/funds-confirmations
Try this operation
/v2/consents/confirmation-of-funds/{consentId}
/v2/consents/confirmation-of-funds
/v2/consents/confirmation-of-funds/{consentId}/status
Definitions
{
"title": "amount",
"example": {
"currency": "EUR",
"amount": "123"
},
"type": "object",
"properties": {
"currency": {
"description": "ISO 4217 Alpha 3 currency code",
"example": "EUR",
"type": "string",
"pattern": "[A-Z]{3}"
},
"amount": {
"description": "The amount given with fractional digits, where fractions must be compliant to the currency definition.\nUp to 14 significant figures. Negative amounts are signed by minus.\nThe decimal separator is a dot.\n\n**Example:**\nValid representations for EUR with up to two decimals are:\n\n * 1056\n * 5768.2\n * -1.50\n * 5877.78",
"example": "5877.78",
"type": "string",
"pattern": "-?[0-9]{1,14}(\\.[0-9]{1,3})?"
}
},
"required": [
"currency",
"amount"
]
}
JSON Request body for the "Confirmation of Funds Service"
| cardNumber | String | Optional | Card Number of the card issued by the PIISP. Should be delivered if available. |
| account | Account Reference | Mandatory | PSU's account number. |
| payee | Max70Text | Optional | The merchant where the card is accepted as an information to the PSU. |
| instructedAmount | Amount | Mandatory | Transaction amount to be checked within the funds check mechanism. |
{
"title": "confirmationOfFunds",
"type": "object",
"properties": {
"account": {
"description": "",
"$ref": "#/definitions/AccountList"
},
"instructedAmount": {
"$ref": "#/definitions/Amount"
},
"cardNumber": {
"description": "Card Number of the card issued by the PIISP. \nShould be delivered if available.",
"type": "string"
},
"payee": {
"description": "Name payee",
"type": "string",
"maxLength": 70
}
},
"required": [
"account",
"instructedAmount"
],
"example": {
"cardNumber": "12345678901234",
"account": {
"iban": " RO98BTRLRONCRT0ABCDEFGHI"
},
"instructedAmount": {
"currency": "EUR",
"amount": "123"
}
}
}
Equals "true" if sufficient funds are available at the time of the request, "false" otherwise.
{
"title": "V1 Funds Confirmations Response",
"type": "object",
"properties": {
"fundsAvailable": {
"description": "",
"type": "boolean"
}
},
"required": [
"fundsAvailable"
]
}
{
"properties": {
"tppMessages": {
"$ref": "#/definitions/TppMessages"
}
},
"additionalProperties": false
}
{
"type": "array",
"items": {
"$ref": "#/definitions/TppMessage"
}
}
{
"properties": {
"category": {
"type": "string"
},
"code": {
"properties": [],
"type": "string"
},
"text": {
"properties": [],
"type": "string"
}
},
"additionalProperties": false
}
{
"type": "object",
"properties": {
"iban": {
"properties": [],
"type": "string"
}
},
"additionalProperties": false,
"required": [
"iban"
]
}
{
"type": "object",
"properties": {
"iban": {
"properties": [],
"type": "string",
"minLength": 1
}
},
"required": [
"iban"
],
"additionalProperties": false
}
Content of the body of a consent request.
{
"title": "consents",
"type": "object",
"properties": {
"account": {
"$ref": "#/definitions/Account",
"description": "Account, where the confirmation of funds service is aimed to be submitted to."
},
"cardNumber": {
"properties": [],
"type": "string",
"description": "Card Number of the card issued by the PIISP. Should be delivered if available."
},
"cardExpiryDate": {
"properties": [],
"type": "string",
"description": "Expiry date of the card issued by the PIISP"
},
"cardInformation": {
"properties": [],
"type": "string",
"description": "Additional explanation for the card product."
},
"registrationInformation": {
"properties": [],
"type": "string",
"description": "Additional information about the registration process for the PSU, e.g. a reference to the TPP / PSU contract"
}
},
"required": [
"account"
],
"example": {
"account": {
"iban": "RO98BTRLRONCRT0ABCDEFGHI"
},
"cardNumber": "12345678912345",
"cardExpiryDate": "2019-04-22",
"cardInformation": "MyMerchant Loyalty Card",
"registrationInformation": "Your contract Number 1234 with MyMerchant is completed with the registration with your bank."
},
"additionalProperties": false
}
{
"title": "accountAccess",
"type": "object",
"properties": {
"accounts": {
"description": "Is asking for detailed account information. \n\nIf the array is empty, the TPP is asking for an accessible account list. \nThis may be restricted in a PSU/ASPSP authorization dialogue.\nIf the array is empty, also the arrays for balances or transactions shall be empty, if used.",
"items": {
"type": "object"
},
"$ref": "#/definitions/IBANList"
},
"balances": {
"description": "Is asking for balances of the addressed accounts.\n\nIf the array is empty, the TPP is asking for the balances of all accessible account lists. \nThis may be restricted in a PSU/ASPSP authorization dialogue.\nIf the array is empty, also the arrays for accounts or transactions shall be empty, if used.",
"items": {
"type": "object"
},
"$ref": "#/definitions/IBANList"
},
"transactions": {
"description": "Is asking for transactions of the addressed accounts. \n\nIf the array is empty, the TPP is asking for the transactions of all accessible account lists. \nThis may be restricted in a PSU/ASPSP authorization dialogue.\nIf the array is empty, also the arrays for accounts or balances shall be empty, if used.",
"items": {
"type": "object"
},
"$ref": "#/definitions/IBANList"
},
"availableAccounts": {
"description": "Optional if supported by API provider.\n\nOnly the value \"allAccounts\" is admitted.",
"example": "allAccounts",
"type": "string",
"default": "allAccounts"
}
},
"additionalProperties": false
}
Body of the JSON response for a successful conset request.
{
"title": "consentsResponse-201",
"type": "object",
"properties": {
"consentStatus": {
"$ref": "#/definitions/ConsentStatus"
},
"consentId": {
"description": "ID of the corresponding consent object as returned by an Account Information Consent Request.",
"type": "string"
},
"_links": {
"description": "A list of hyperlinks to be recognised by the TPP. Type of links admitted in this response are: \n- 'scaOAuth' In case of an OAuth2 based Redirect Approach, the ASPSP is transmitting the link where the configuration of the OAuth2 Server is defined. The configuration follows the OAuth 2.0 Authorisation Server Metadata specification. \n- 'self': The link to the Establish Account Information Consent resource created by this request. This link can be used to retrieve the resource data. \n- 'status': The link to retrieve the status of the account information consent.",
"type": "object",
"additionalProperties": {
"type": "object"
}
},
"message": {
"description": "Text to be displayed to the PSU, e.g. in a Decoupled SCA Approach.",
"type": "string",
"maxLength": 512
}
},
"required": [
"consentStatus",
"consentId",
"_links"
],
"example": {
"consentStatus": "received",
"consentId": "15535944504672sfbf51fa",
"_links": {
"scaOAuth": {
"href": "https://apistorebt.ro/bt/sb/oauth/.well-known/oauth-authorization-server"
},
"self": {
"href": "https://apistorebt.ro/bt/sb/bt-psd2-aisp/v3/consents/15535944504672sfbf51fa"
},
"status": {
"href": "https://apistorebt.ro/bt/sb/bt-psd2-aisp/v3/consents/15535944504672sfbf51fa/status"
}
}
}
}
{
"title": "consentStatus",
"example": "received",
"x-enum-elements": [
{
"name": "received",
"description": ""
},
{
"name": "rejected",
"description": ""
},
{
"name": "valid",
"description": ""
},
{
"name": "revokedByPsu",
"description": ""
},
{
"name": "expired",
"description": ""
},
{
"name": "terminatedByTpp",
"description": ""
}
],
"type": "string",
"enum": [
"received",
"rejected",
"valid",
"revokedByPsu",
"expired",
"terminatedByTpp"
]
}
Body of the JSON response for a successfull get consent request.
{
"title": "consentInformationResponse-200_json",
"type": "object",
"properties": {
"access": {
"$ref": "#/definitions/AccountAccess"
},
"recurringIndicator": {
"description": "\"true\", if the consent is for recurring access to the account data.\n\n\"false\", if the consent is for one access to the account data.",
"example": false,
"type": "boolean"
},
"validUntil": {
"description": "This parameter is requesting a valid until date for the requested consent. \nThe content is the local ASPSP date in ISO-Date Format, e.g. 2017-10-30. \n\nIf a maximal available date is requested, a date in far future is to be used: \"9999-12-31\". \nThe consent object to be retrieved by the GET Consent Request will contain the adjusted date.",
"example": "2020-12-31",
"type": "string",
"format": "date"
},
"frequencyPerDay": {
"description": "This field indicates the requested maximum frequency for an access per day.\nFor a one-off access, this attribute is set to \"1\".",
"example": 4,
"type": "integer",
"format": "int32"
},
"lastActionDate": {
"description": "This date is containing the date of the last action on the consent object either through \nthe XS2A interface or the PSU/ASPSP interface having an impact on the status.",
"example": "2018-07-01",
"type": "string",
"format": "date"
},
"consentStatus": {
"$ref": "#/definitions/ConsentStatus"
}
},
"required": [
"access",
"recurringIndicator",
"validUntil",
"frequencyPerDay",
"lastActionDate",
"consentStatus"
],
"example": {
"access": {
"allPSD2": "allAccounts"
},
"recurringIndicator": true,
"validUntil": "2019-04-22",
"frequencyPerDay": "4",
"consentStatus": "valid",
"lastActionDate": "2019-03-26"
}
}
Body of the JSON response for a successful get status request for a consent.
{
"title": "consentStatusResponse-200",
"type": "object",
"properties": {
"consentStatus": {
"$ref": "#/definitions/ConsentStatus"
}
},
"required": [
"consentStatus"
],
"example": {
"consentStatus": "valid"
}
}
{
"type": "array",
"items": {
"$ref": "#/definitions/IBAN"
}
}
{
"type": "object",
"properties": {
"iban": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"iban"
]
}
Authentication Object
{
"title": "authenticationObject",
"type": "object",
"properties": {
"authenticationType": {
"$ref": "#/definitions/AuthenticationType"
},
"authenticationMethodId": {
"description": "An identification provided by the ASPSP for the later identification of the authentication method selection.",
"example": "myAuthenticationID",
"type": "string",
"maxLength": 35
},
"authenticationVersion": {
"description": "Depending on the \"authenticationType\".\nThis version can be used by differentiating authentication tools used within performing OTP generation in the same authentication type.\nThis version can be referred to in the ASPSP?s documentation.",
"type": "string"
},
"name": {
"description": "This is the name of the authentication method defined by the PSU in the Online Banking frontend of the ASPSP.\nAlternatively this could be a description provided by the ASPSP like \"SMS OTP on phone +49160 xxxxx 28\".\nThis name shall be used by the TPP when presenting a list of authentication methods to the PSU, if available.",
"example": "SMS OTP on phone +49160 xxxxx 28",
"type": "string"
},
"explanation": {
"description": "Detailed information about the SCA method for the PSU.",
"example": "Detailed information about the SCA method for the PSU.",
"type": "string"
}
},
"required": [
"authenticationType",
"authenticationMethodId"
]
}
{
"title": "authenticationType",
"example": "SMS_OTP",
"x-enum-elements": [
{
"name": "SMS_OTP",
"description": ""
},
{
"name": "CHIP_OTP",
"description": ""
},
{
"name": "PHOTO_OTP",
"description": ""
},
{
"name": "PUSH_OTP",
"description": ""
}
],
"type": "string",
"enum": [
"SMS_OTP",
"CHIP_OTP",
"PHOTO_OTP",
"PUSH_OTP"
]
}
{
"title": "challengeData",
"type": "object",
"properties": {
"image": {
"description": "PNG data (max. 512 kilobyte) to be displayed to the PSU,\nBase64 encoding, cp. [RFC4648].\nThis attribute is used only, when PHOTO_OTP or CHIP_OTP\nis the selected SCA method.",
"type": "string"
},
"data": {
"description": "String challenge data",
"type": "string"
},
"imageLink": {
"description": "A link where the ASPSP will provides the challenge image for the TPP.",
"type": "string"
},
"otpMaxLength": {
"description": "The maximal length for the OTP to be typed in by the PSU.",
"type": "integer",
"format": "int32"
},
"otpFormat": {
"$ref": "#/definitions/OtpFormat"
},
"additionalInformation": {
"description": "Additional explanation for the PSU to explain\ne.g. fallback mechanism for the chosen SCA method.\nThe TPP is obliged to show this to the PSU.",
"type": "string"
}
}
}
{
"title": "OtpFormat",
"example": "characters",
"x-enum-elements": [
{
"name": "characters",
"description": ""
},
{
"name": "integer",
"description": ""
}
],
"type": "string",
"enum": [
"characters",
"integer"
]
}