Air Bank OpenAPI - AISP v3
This is documentation of the AISP services of Air Bank OpenAPI.
Access to this API can be granted only to entities holding a PSD2 license issued by the Czech National Bank or other relevant regulatory body.
Versions
| Version num. | Link | Valid from | Valid to |
|---|---|---|---|
| 0 | documentation | 13.1.2018 | 1.6.2019 |
| 1 | documentation | 22.6.2018 | 31.8.2020 |
| 2 | skipped | ||
| 3 | documentation | 24.4.2020 |
There are some rules that are valid throughout whole API.
Naming conventions
-
we use camelCase for all object and property names
-
we use plural in resource names
Paging
-
some resources (stated in documentation) that return collection of objects support pagination.
-
on request:
- query parameter
size- number of items on the page - query parameter
page- page number (starts from 0) parameter
- query parameter
-
on response:
- pageNumber - current page
- pageCount - total pages
- pageSize - items per page
- nextPage - next page number
- totalCount - total number of items
Example request:
curl -X GET https://api.airbank.cz/openapi/accountInfo/v3/my/accounts?size=3&page=0}Example response with pagingInfo:
{ "pageNumber": 0,
"pageCount": 2,
"pageSize": 3,
"nextPage": 1,
"totalCount": 5,
"accounts": [
{
"id": "D2C8C1DCC51A3738538A40A4863CA288E0225E52",
"identification":{
"iban": "CZ0708000000001019382023",
}
}Sorting
-
some resources (stated in documentation) suppors result sorting. You can specify sorting attributes using
sortrequest parameter. -
each resource that supports sorting specifies list of attributes that can be used for sorting.
Ordering
-
some resources (stated in documentation) suppors result ordering. You can specify ordering attributes using
orderrequest parameter. -
each resource that supports sorting specifies list of attributes that can be used for ordering.
Filtering
Some resources (stated in documentation) supports results filtering. Such resources have list of filters specified possible values.
You can specify filtering by passing filter attribute.
API calls limits
When limit is reached, you receive HTTP error 429. To inform you about limits we use following headers:
-
X-Rate-Limit-Limit- The number of allowed requests in the current period -
X-Rate-Limit-Remaining- The number of remaining requests in the current period -
X-Rate-Limit-Reset- The number of seconds left in the current period
Bandwith usage reducing
GZIP compression
- we support GZIP compression of responses. Client must specify header
Accept-Encoding: gzipin request in order to use the compression.
Versioning
We use API version in URL (e.g. https://api.airbank.cz/openapi/accountInfo/v3/my/accounts). Minor changes (see below) that don’t break backwards compatibility do NOT increase API version, e.g. they may happen without prior notice and your application should be ready to handle them.
Minor changes include:
-
adding new resource
-
adding new optional header/URL parameter or optional body attribute to request
-
adding new attribute to response body
-
adding new error codes and messages, provided that error structure is the same
Language
We use English.
Response encoding
Unless stated otherwise, all responses are sent as Content-Type: application/json;charset=UTF-8
HTTP status codes
We use following status codes throughout the API, except for OAuth flow when response codes are prescribed in RFC
-
200
OK- request was successful -
201
Created- request was successful and resource was created -
204
No content- we accepted your request but there is nothing to return (e.g. response is empty) -
400
Bad Request- syntax error, e.g. request is missing required parameters/attributes or parameter values are of incorrect type -
401
Unauthorized- your API key is wrong or user not authorized (not logged in) -
403
Forbidden- access denied (e.g. user / application is not allowed to use the resource) -
404
Not Found- resource could not be found -
405
Method Not Allowed- specified method is not allowed for resource -
422
Unprocessable Entity- validation (semantic) errors. Request is well-formed, but cannot be processed (e.g. payment due date is in past). Errors are specified in response body (see below) -
429
Too Many Requests- you exceeded the rate limit (see API usage limits below) -
500
Internal Server Error- something went wrong on our side -
503
Service Unavailable- there is planned service outage
API usage limits
Our API has usage limits, meaning number of API calls that your application can perform during specified time period. On each call, your app wil receive currently set limits and remaining quotas in following headers:
X-RateLimit-Limit-[API_NAME]-Minute: 10 - currently set limit of API calls
X-RateLimit-Remaining-[API_NAME]-Minute: 9 - remaining limit of API calls in given time period
If you exceed limits set for your application, you will receive HTTP status 429 with empty body.
Error handling
Besides HTTP status codes, which are the main indication if something goes wrong, we also use errors object to report more details about errors.
If you don`t have valid refresh and access token or permission, you receive oAuth2 error.
Errors object example:
{
"errors": [
{
"error": "PARAMETER_INVALID",
"message": "Failed to parse date ['date']: Invalid number: date"
}
],
}Error object attributes
| attribute name | description |
|---|---|
| code | http status |
| error | error code |
| message | human readable error description (non-localized) |
Most important error codes
| http status code | error code | description |
|---|---|---|
| 401 | UNAUTHORISED | invalid access token |
| 401 | UNAUTHORISED | invalid certificate |
| 404 | ID_NOT_FOUND | account with id number not found |
| 404 | PAGE_NOT_FOUND | page not found |
| 400 | PARAMETER_INVALID | invalid parameter |
| 400 | DT01 | invalid date |
| 400 | SORT_ERROR | invalid sorting atribute |
| 400 | GENERAL_ERROR | Unspecified (usually unexpected) error |
Formats
-
date and time uses ISO 8601 formatting, e.g.:
- date is represented as
YYYY-mm-dd. Timezone is added when necessary. - time is represented as
Thh:mm:ss. Timezone is added when necessary. - day of week is represented as number 1…7, with 1 being Monday
- week no. 1 is the week with the year’s first Thursday in it
- date is represented as
-
numbers number format is defined by JSON standard, e.g. decimals are separated by
. -
strings (in requests)
- text can’t contain separate “/” (slash) at the beginning or end, or two successive slashes
- allowed characters: a-z A-Z 0-9 / - ? : ( ) . , ’ + _ Space
Sandbox ¶
Sandbox
You can test your API integration with the Sandbox environment.
Endpoints
You can reach our sandbox environment at the following endpoint:
https://api.airbank.cz/sandbox
AISP - https://api.airbank.cz/sandbox/accountInfo/v3/my/accounts
PISP - https://api.airbank.cz/sandbox/paymentInit/v3/my/payments
CISP - use balanceCheck from PISP (same contract)Authentication for Sandbox
For sandbox environment, you can use following secrets:
| clientId | clientSecret |
|---|---|
sandbox_client_id |
sandbox_client_secret |
To retrieve OAuth2 grant code for the sandbox environment, redirect user to login page:
http://developers.airbank.cz/sandbox/login?state=YOUR_STATE_CODE&redirectUri=https://www.airbank.czYou can use any login. You will be redirected to the given redirectUri with the parameter code you can use in the OAuth2 flow at the following endpoint:
https://api.airbank.cz/sandbox/oauth2/tokenThen you can access all the sandbox APIs normally with the returned access_token.
Data
-
There are sample data returned for getAccounts call
-
Transactions are returned only for the account with ID 10000411
-
Payments can be made from the account CZ5430300000001000053019
Security ¶
Security concept of Open API
Security is our key concern. To allow you use our API securely, we divide API resources into three groups, each requiring different level of security.
Public services - prefix /openapi/public
To use public services like list of branches, you need a valid API key. There is no need for users of your application to log in, or even have any agreement with us.
Banking services - prefix /openapi/banking
To use banking services like list of accounts or transactions history, you need a valid OAuth2 access token. Chapter Authentication describes how to get and use it.
Sensitive banking operations - prefix /openapi/banking, stated in documentation
Some extra sensitive banking operations (like entering a payment) requires additional user authorization, on top of valid OAuth2 token. Authorization mechanism is described in chapter Authorization.
Certficates
You need to include a valid user (client SSL) certificate to access all the API resources (except Public APIs). The certificate must be issued according RTS Commission Delegated Regulation (EU) 2018/389.
You must use this client SSL certificate when registering an application with /oauth2/register and then for calling any /oauth2/* resource.
We currently support formats from following certification authorities:
If you have a certificate that has different format and is issued by approved certification authority, please contact us.
API key and Client ID & Secret
OAuth2 client_id, client_secret and api_key for accessing protected services can be created by calling the /oauth2/register endpoint.
Notice: API key from
/oauth2/registerintended for using for calling some services with oauth2 (not for public sevices (/openapi/public/*).
Obtaining API key (for public services only)
You can get API Key in Developers portal for accessing public services (e.g. services that are not bound to current user).
Important: Keep your production API keys safe, as it will identify your application, counts to resource usage limits etc.
Using API key (for public services only)
API key is a 30 character string, that must be passed on each API call in header field called apikey. Example:
curl -H "apikey: 62eb165c070a41d5c1b58d9d3d725ca1" https://api.airbank.cz/openapi/public/branches- if you fail to specify apikey, you will receive
401 Unauthorizederror and following response body:
{"message":"No API Key found in headers, body or querystring"}- if you provide invalid apikey, you will receive
403 Forbiddenerror and following response body:
{"message":"Invalid authentication credentials"}Authentication
To access user sensitive data through API (use /openapi/banking, accountInfo, etc… resources), user must grant your application a permission to do so. Open API uses OAuth2 mechanism to grant permissions to access user data. As for now, only authorization code grant flow is supported. This section describes mechanism and resources to get valid access token and use it to access protected resources.
- if you fail to specify OAuth2 token, you will receive
401 Unauthorizederror and following response body:
{
"error_description": "The access token is missing",
"error": "invalid_request"
}- if you provide invalid OAuth2 token, you will receive
401 Unauthorizederror and following response body:
{
"error_description":"The access token is invalid or has expired",
"error":"invalid_token"
}Developers perspective
-
Register your application at developers portal and request access to OAuth2 protected resources. You have to provide (beside others)
redirect URIattribute - this is the URI user is redirected to after he logs in and approves your application (see below to learn more). You will receiveclient ID,client secretandAPI key(note: those are different than apikey, used to access any resource from public Open API). -
When you wish to access protected resource (pretty much anything under /openapi/banking,accountInfo, etc… path) for the first time, redirect user to
login pagewith parameters:client_id- client ID parameter you received from previous stepresponse_type- only valuecodeis supportedstate- random value that will be returned to you. You should check the value received on successfull redirect back to your app. Setting the state parameter is optional, but highly recommendedredirect_uri- Optional parameter. If you have more than one URL registered with your application, you can select one forwarding address. The redirect_uri parameter must start as at least one URL from the collection of URLs registered with your application. If the redirect_uri parameter is not specified, the first URL to be redirected from the application is used.
Example login request:
https://ib.airbank.cz/?client_id=MYID&response_type=code&state=ehshvnajgtf34IMPORTANT NOTE: Do not use embedded webview in mobile applications, use platform native browser instead.
-
User have to log-in using his bank identity and approve your application’s access
-
If successfull, user is redirected to
redirect URIyou specified at application registration, together with parametercode. This redirect should be handled by your application, in order to exchange code for valid access token; for mobile applications, consider using custom URL scheme (iOS), intents (Android) or similar mechanism.Example redirect URI:
https://myapp.example.com/handle_authentication?code=123arjdmvcskfm&state=ehshvnajgtf34 -
Upon receiving redirect URI on successfull authentication, you have to check
stateparameter - it has to be the same as you passed to login page. If it differs, you should not continue. -
Access API
token resourceand exchangecodefor access token. You will also receive refresh token; you can use it to get new access token when access token validity expires. -
You receive
access tokenthat has limited lifespan (usually to 20 min or so), along withrefresh token. Refresh token can later be used to exchange for new access token, when old one expires. -
Use retireved
access tokento access protected resources by specifying it in headerAuthorization, together with its type, e.g.:curl -H "Authorization: Bearer access_token" https://apiendpoint/openapi/banking/profile
IMPORTANT NOTES:
- You must keep your client secret safe. It serves as your application password.
- Starting from 27 July 2023, refresh token validity is extended from 90 to 180 days.
User perspective
-
User runs your application for the first time
-
Your application redirects user to Open API login page
-
User provides its credentials (user + password, possibly combined with another factor like SMS code etc)
-
User sees a page, that displays details about your application and rights it requested.
-
User authorizes your application’s access and he can start using your application.
Authentication resources
| resource | environment | address |
|---|---|---|
| login page | production | https://ib.airbank.cz |
| token resource | production | /oauth2/token |
Authorization
Sensitive active operations (such as placing a payment order) requires additional authorization, besides existing OAuth2 token. Such resources are marked in documentation. This section describes mechanism and resources used for authorization.
Currently there are two methods of authorization supported:
-
redirecting user to a bank authorization page and grab the authorization result behind the scenes - this is the default and always available method
-
use API resources to initiate and grab the authorization result - this method is only allowed when certain conditions are met (such as user approved authorization methods etc.)
Authorization object
Parameters of authorization are returned as a result of sensitive active operation (e.g. by creating/updating payment order). Authorization object has following structure:
-
authorizationId:
aobrCdeU1Yu4HG_sKQe_uP25B0CYz7hsPYK_w9uF41ZK90KE9mANj(string, required) - internal authorization request identifier, expect arbitrary long string. -
authResultURL:
/openapi/banking/authorization/aobrCdeU1Yu4HG_sKQe_uP25B0CYz7hsPYK_w9uF41ZK90KE9mANj(string, required) - resource used to GET authorization result -
mustRedirect: false (boolean, required) - if set to true, application must redirect user to
redirectURLto complete authorization -
redirectURL:
https://www.airbank.cz/authorization/aobrCdeU1Yu4HG_sKQe_uP25B0CYz7hsPYK_w9uF41ZK90KE9mANj(string, required) - redirect URL for fallback authorization or for redirecting ifmustRedirectis set to true -
status:
IN_PROGRESS(string, required) - authorization status. If status isAUTHORIZED, you can fetch the result by calling appropriate resource.
When mustRedirect is set to true, your app MUST use the redirect method to complete authorization.
Redirect user to bank authorization page
Authorization flow is handled completely by a web page provided by bank. All your app have to do is to redirect user to redirectURL, which initiates the authorization flow. You SHOULD provide query parameter callbackURL to the authorization web page; user will be redirected to this callbackURL when authorization finishes. This callbackURL MUST be registered in developers portal with corresponding application.
You will get the authorization result by calling authResultURL resource after your app gets notified by the redirection.
Use API resources to do the authorization
Alternative method, which is only available when mustRedirect attribute is set to false. Authorization flow is started by active operation itself, and all your app have to do is regularly poll authResultURL resource to retrieve authorization result. Your application SHOULD provide some indication to user that authorization is in progress. Your application SHOULD always provide means to access default authorization method of redirecting to bank authorization page, as this alternative method availability may vary by user.
Security resources ¶
This is the resources used to support security concepts described above.
Application registration ¶
Body
{
"client_name": "Application Name",
"redirect_uris" : [
"https://ib.airbank.cz/paired",
],
"scopes" : [
"PISP",
"AISP",
"CISP"
]
}Headers
Content-Type: application/json;charset=UTF-8Body
{
"client_id": "4224c721d0bf47a5a109250db484e0e8",
"client_secret": "5527f7a57202424f9ed5cc00e8b300fd",
"api_key": "6667f7a57202424f9ed5cc00e8b666fd"
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"client_id": {
"type": "string",
"description": "client ID used to retrieve OAuth2 token"
},
"client_secret": {
"type": "string",
"description": "client secret used to retrieve OAuth2 token"
},
"api_key": {
"type": "string",
"description": "key to identify API calling"
}
},
"required": [
"client_id",
"client_secret",
"api_key"
]
}Application registrationPOST/oauth2/register
This resource is used to register an application before accessing other API endpoints. Included scopes must be a subset of these included in an user certificate.
It is not possible to update the application. If you want to update the application record, delete the existing application and register a new one.
Application info ¶
Headers
Content-Type: application/json;charset=UTF-8Body
{
"client_id": "4224c721d0bf47a5a109250db484e0e8",
"client_secret": "5527f7a57202424f9ed5cc00e8b300fd",
"api_key": "6667f7a57202424f9ed5cc00e8b666fd",
"redirect_uris": [
"https://ib.airbank.cz/paired"
],
"client_name": "Application Name"
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"client_id": {
"type": "string",
"description": "client ID used to retrieve OAuth2 token"
},
"client_secret": {
"type": "string",
"description": "client secret used to retrieve OAuth2 token"
},
"api_key": {
"type": "string",
"description": "key to identify API calling"
},
"redirect_uris": {
"type": "array",
"description": "List of registered redirect uris"
},
"client_name": {
"type": "string",
"description": "Application name"
}
},
"required": [
"client_id",
"client_secret",
"api_key",
"client_name"
]
}Application infoGET/oauth2/register/{client_id}
This resource is used to retrieve information about an application.
- client_id
string(required) Example: 4224c721d0bf47a5a109250db484e0e8Client id from the registration of the application
Renew OAuth secrets ¶
Headers
Content-Type: application/json;charset=UTF-8Body
{
"client_id": "4224c721d0bf47a5a109250db484e0e8",
"client_secret": "5527f7a57202424f9ed5cc00e8b300fd",
"api_key": "6667f7a57202424f9ed5cc00e8b666fd"
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"client_id": {
"type": "string",
"description": "client ID used to retrieve OAuth2 token"
},
"client_secret": {
"type": "string",
"description": "client secret used to retrieve OAuth2 token"
},
"api_key": {
"type": "string",
"description": "key to identify API calling"
}
},
"required": [
"client_id",
"client_secret",
"api_key"
]
}Renew OAuth secretsPOST/oauth2/register/{client_id}/renewSecret
This resource is used to renew client secret used in OAuth2 for given client ID.
- client_id
string(required) Example: 4224c721d0bf47a5a109250db484e0e8Client id from the registration of the application
Delete application ¶
Delete applicationDELETE/oauth2/register/{client_id}
This resource is used to delete application registration.
- client_id
string(required) Example: 4224c721d0bf47a5a109250db484e0e8Client id from the registration of the application
Token exchange resource ¶
Body
{
"grant_type": "authorization_code",
"code": "123arjdmvcskfm",
"redirect_uri": "https://myapp.example.com/handle_authentication",
"client_id": "<your client ID>",
"client_secret": "<your client secret>"
}Headers
Content-Type: application/json;charset=UTF-8Body
{
"access_token": "aa225511dd",
"expires_in": 7200,
"refresh_token": "ff423123aa",
"token_type": "bearer"
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"access_token": {
"type": "string",
"description": "OAuth2 access token"
},
"expires_in": {
"type": "number",
"description": "token validity in seconds"
},
"refresh_token": {
"type": "string",
"description": "OAuth2 refresh token"
},
"token_type": {
"type": "string",
"description": "OAuth2 token type"
}
},
"required": [
"access_token",
"expires_in",
"token_type"
]
}Body
{
"grant_type": "refresh_token",
"refresh_token": "123arjdmvcskfm",
"client_id": "<your client ID>",
"client_secret": "<your client secret>"
}Headers
Content-Type: application/json;charset=UTF-8Body
{
"access_token": "aa225511dd",
"expires_in": 7200,
"refresh_token": "ff423123aa",
"token_type": "bearer"
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"access_token": {
"type": "string",
"description": "OAuth2 access token"
},
"expires_in": {
"type": "number",
"description": "token validity in seconds"
},
"refresh_token": {
"type": "string",
"description": "OAuth2 refresh token"
},
"token_type": {
"type": "string",
"description": "OAuth2 token type"
}
},
"required": [
"access_token",
"expires_in",
"token_type"
]
}Token exchange resourcePOST/oauth2/token
This resource is used to retrieve access token, either from authorization code or from refresh token.
Token revoke resource ¶
Headers
Content-Type: application/x-www-form-urlencoded;charset=UTF-8Body
token=123arjdmvcskfmBody
___Token revoke resourcePOST/oauth2/token/revoke
This resource is used to revoke an access or refresh token. This operation is not supported by sandbox.
AISP ¶
AISP provides 3 services: Resources for obtaining account overview. You need valid OAuth2 access token to access this resources.
Accounts Overview ¶
Headers
Content-Type: application/json;charset=UTF-8Body
{
"pageNumber": "0",
"pageCount": "3",
"pageSize": "3",
"nextPage": "1",
"totalCount": "8",
"accounts": [
{
"id": "10037188",
"identification": {
"iban": "CZ4130300000001018074010",
"other": "1018074010/3030"
},
"currency": "CZK",
"servicer": {
"bankCode": "3030",
"countryCode": "CZ",
"bic": "AIRACZPP"
},
"nameI18N": "Spořící účet v CZK",
"productI18N": "Spořící účet",
"ownersNames": [
"Karel Spořivka"
]
}
]
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"pageNumber": {
"type": "string"
},
"pageCount": {
"type": "string"
},
"pageSize": {
"type": "string"
},
"nextPage": {
"type": "string"
},
"totalCount": {
"type": "string"
},
"accounts": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "account ID"
},
"identification": {
"type": "object",
"properties": {
"iban": {
"type": "string",
"description": "account number in IBAN format"
},
"other": {
"type": "string",
"description": "account number in national format"
}
},
"required": [
"iban",
"other"
]
},
"currency": {
"type": "string",
"description": "currency of money"
},
"servicer": {
"type": "object",
"properties": {
"bankCode": {
"type": "string",
"description": "bank code in national format"
},
"countryCode": {
"type": "string",
"description": "currency of money"
},
"bic": {
"type": "string",
"description": "BIC for account"
}
},
"required": [
"bankCode",
"countryCode",
"bic"
]
},
"nameI18N": {
"type": "string",
"description": "account name"
},
"productI18N": {
"type": "string",
"description": "account type"
},
"ownersNames": {
"type": "array",
"description": "names of account owners"
}
},
"required": [
"id",
"identification",
"currency",
"servicer",
"nameI18N",
"productI18N"
]
}
}
},
"required": [
"accounts"
]
}Accounts OverviewGET/accountInfo/v3/my/accounts{?size,page}
Get a list of active and blocked accounts for logged-in user. Only show accounts that are owned by user.
Provided account types:
-
current accounts
-
savings accounts
| feature | supported by resource |
|---|---|
| paging | yes |
| sorting | no |
| ordering | no |
| filtering | no |
Paging
This resource supports paging.
- size
number(optional) Example: 3number of items on the page
- page
number(optional) Example: 0page number (starts from 0) parameter
Account Balances ¶
Headers
Content-Type: application/json;charset=UTF-8Body
{
"balances": [
{
"type": {
"codeOrProprietary": {
"code": "PRCD"
}
},
"creditLine": {
"included": true,
"amount": {
"value": 1000.65,
"currency": "CZK"
}
},
"amount": {
"value": 1000.65,
"currency": "CZK"
},
"creditDebitIndicator": "CRDT",
"date": {
"dateTime": "2018-03-20T15:34:46Z"
}
}
]
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"balances": {
"type": "array",
"items": {
"type": "object",
"properties": {
"type": {
"type": "object",
"properties": {
"codeOrProprietary": {
"type": "object",
"properties": {
"code": {
"type": "string",
"enum": [
"PRCD",
"CLAV"
],
"description": "PRCD previously closed booked balance, CLAV closing available balance"
}
},
"required": [
"code"
]
}
},
"required": [
"codeOrProprietary"
],
"description": "balance type"
},
"creditLine": {
"type": "object",
"properties": {
"included": {
"type": "boolean",
"description": "if debit or overdraft is included"
},
"amount": {
"type": "object",
"properties": {
"value": {
"type": "number"
},
"currency": {
"type": "string"
}
},
"required": [
"value",
"currency"
],
"description": "amount of agreed and allowed debit or overdraft"
}
},
"required": [
"included"
],
"description": "debit or overdraft"
},
"amount": {
"type": "object",
"properties": {
"value": {
"type": "number"
},
"currency": {
"type": "string"
}
},
"required": [
"value",
"currency"
],
"description": "amount of money for balance"
},
"creditDebitIndicator": {
"type": "string",
"enum": [
"CRDT",
"DBIT"
],
"description": "CRDT indicates positive balance, DBIT indicates negative balance"
},
"date": {
"type": "object",
"properties": {
"dateTime": {
"type": "string",
"description": "actual time in ISO 8601"
}
},
"required": [
"dateTime"
],
"description": "time when balance was obtained"
}
},
"required": [
"type",
"creditLine",
"amount",
"creditDebitIndicator",
"date"
]
}
}
},
"required": [
"balances"
]
}Headers
Content-Type: application/jsonBody
{
"errors": [
{
"error": "ID_NOT_FOUND",
"message": "Account with id [123456789] was not found."
}
]
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"errors": {
"type": "array",
"items": {
"type": "object",
"properties": {
"error": {
"type": "string"
},
"message": {
"type": "string"
}
},
"required": [
"error"
]
}
}
},
"required": [
"errors"
]
}Account BalancesGET/accountInfo/v3/my/accounts/{id}/balance
Returns list of balances for client’s bank account. Account is identified by it’s id. Please retrieve account id by calling accounts overview for logged-in user.
- id
number(required) Example: 1234internal account identifier
Account Transactions ¶
Get transactions of given account.
Headers
Content-Type: application/jsonBody
{
"pageNumber": "0",
"pageCount": "1",
"pageSize": "3",
"nextPage": "1",
"totalCount": "1",
"transactions": [
{
"entryReference": "RB-4567813",
"amount": {
"value": 1000.65,
"currency": "CZK"
},
"creditDebitIndicator": "DBIT",
"reversalIndicator": false,
"status": "BOOK",
"bookingDate": {
"date": "2016-02-09T10:00:00Z"
},
"valueDate": {
"date": "2016-02-09T10:00:00Z"
},
"bankTransactionCode": {
"proprietary": {
"code": "10000101000",
"issuer": "CNB"
}
},
"entryDetails": {
"transactionDetails": {
"references": {
"paymentInformationIdentification": "879213546",
"mandateIdentification": "456789",
"endToEndIdentification": "123456",
"clearingSystemReference": "DTRNOUTO",
"chequeNumber": "516844******8964"
},
"amountDetails": {
"instructedAmount": {
"amount": {
"value": 1000.65,
"currency": "CZK"
}
},
"counterValueAmount": {
"amount": {
"value": 1000.65,
"currency": "CZK"
}
},
"currencyExchange": {
"sourceCurrency": "CZK",
"targetCurrency": "EUR",
"exchangeRate": 28
}
},
"charges": {
"beare": "OUR"
},
"relatedParties": {
"debtor": {
"name": "Hello, world!",
"postalAddress": {
"country": "CZ",
"addressLine": "Evropská 2690/17, 160 00 Praha 6"
}
},
"debtorAccount": {
"identification": {
"iban": "CZ4130300000001018074010",
"other": {
"identification": "1018074010/3030"
}
},
"currency": "CZK",
"name": "Běžný účet v CZK"
},
"creditor": {
"name": "Hello, world!",
"postalAddress": {
"country": "CZ",
"addressLine": "Evropská 2690/17, 160 00 Praha 6"
}
},
"creditorAccount": {
"identification": {
"iban": "CZ4130300000001018074010",
"other": {
"identification": "1018074010/3030"
}
},
"currency": "CZK",
"name": "Běžný účet v CZK"
}
},
"relatedAgents": {
"debtorAgent": {
"financialInstitutionIdentification": {
"bic": "AIRACZPP",
"clearingSystemMemberIdentification": {
"memberIdentification": "3030"
},
"name": "Air Bank a.s.",
"postalAddress": {
"country": "CZ",
"addressLine": "Evropská 2690/17, 160 00 Praha 6"
}
}
},
"creditorAgent": {
"financialInstitutionIdentification": {
"bic": "AIRACZPP",
"clearingSystemMemberIdentification": {
"memberIdentification": "3030"
},
"name": "Air Bank a.s.",
"postalAddress": "Hello, world!"
}
}
},
"remittanceInformation": {
"unstructured": "messageForReceiver:text of message|messageForSender:text of message",
"structured": {
"creditorReferenceInformation": {
"reference": "VS:123456/KS:456789/SS:879213546"
}
}
},
"additionalTransactionInformation": "Odchozí platba"
}
}
}
]
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"pageNumber": {
"type": "string"
},
"pageCount": {
"type": "string"
},
"pageSize": {
"type": "string"
},
"nextPage": {
"type": "string"
},
"totalCount": {
"type": "string"
},
"transactions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"entryReference": {
"type": "string",
"description": "internal transaction identifier"
},
"amount": {
"type": "object",
"properties": {
"value": {
"type": "number"
},
"currency": {
"type": "string"
}
},
"required": [
"value",
"currency"
],
"description": "transaction amount in account currency"
},
"creditDebitIndicator": {
"type": "string",
"enum": [
"DBIT",
"CRDT"
],
"description": "transaction direction"
},
"reversalIndicator": {
"type": "boolean"
},
"status": {
"type": "string",
"enum": [
"BOOK",
"PDNG"
],
"description": "transaction status"
},
"bookingDate": {
"type": "object",
"properties": {
"date": {
"type": "string"
}
},
"required": [
"date"
],
"description": "date when bank processed transaction - ISO Date format"
},
"valueDate": {
"type": "object",
"properties": {
"date": {
"type": "string"
}
},
"required": [
"date"
],
"description": "maturity date of payment - ISO Date format"
},
"bankTransactionCode": {
"type": "object",
"properties": {
"proprietary": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"issuer": {
"type": "string"
}
},
"required": [
"code",
"issuer"
]
}
},
"required": [
"proprietary"
],
"description": "bank transaction code according to enumeration issued by Czech bank association for this particular payment"
},
"entryDetails": {
"type": "object",
"properties": {
"transactionDetails": {
"type": "object",
"properties": {
"references": {
"type": "object",
"properties": {
"paymentInformationIdentification": {
"type": "string",
"description": "specific symbol"
},
"mandateIdentification": {
"type": "string",
"description": "constant symbol"
},
"endToEndIdentification": {
"type": "string",
"description": "variable symbol"
},
"clearingSystemReference": {
"type": "string",
"description": "internal payment type identifier"
},
"chequeNumber": {
"type": "string",
"description": "payment card number"
}
}
},
"amountDetails": {
"type": "object",
"properties": {
"instructedAmount": {
"type": "object",
"properties": {
"amount": {
"type": "object",
"properties": {
"value": {
"type": "number"
},
"currency": {
"type": "string"
}
},
"required": [
"value",
"currency"
]
}
},
"required": [
"amount"
],
"description": "transaction amount in account currency"
},
"counterValueAmount": {
"type": "object",
"properties": {
"amount": {
"type": "object",
"properties": {
"value": {
"type": "number"
},
"currency": {
"type": "string"
}
},
"required": [
"value",
"currency"
]
}
},
"required": [
"amount"
],
"description": "required amount and currency"
},
"currencyExchange": {
"type": "object",
"properties": {
"sourceCurrency": {
"type": "string"
},
"targetCurrency": {
"type": "string"
},
"exchangeRate": {
"type": "number"
}
},
"required": [
"sourceCurrency",
"targetCurrency",
"exchangeRate"
],
"description": "exchange rate"
}
},
"required": [
"instructedAmount"
]
},
"charges": {
"type": "object",
"properties": {
"beare": {
"type": "string"
}
}
},
"relatedParties": {
"type": "object",
"properties": {
"debtor": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "name of the related party"
},
"postalAddress": {
"type": "object",
"properties": {
"country": {
"type": "string"
},
"addressLine": {
"type": "string"
}
},
"required": [
"addressLine"
],
"description": "address of the related party"
}
},
"description": "debtor identification"
},
"debtorAccount": {
"type": "object",
"properties": {
"identification": {
"type": "object",
"properties": {
"iban": {
"type": "string"
},
"other": {
"type": "object",
"properties": {
"identification": {
"type": "string"
}
},
"required": [
"identification"
]
}
}
},
"currency": {
"type": "string"
},
"name": {
"type": "string"
}
},
"required": [
"identification"
],
"description": "debtor account identification"
},
"creditor": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "name of the related party"
},
"postalAddress": {
"type": "object",
"properties": {
"country": {
"type": "string"
},
"addressLine": {
"type": "string"
}
},
"required": [
"addressLine"
],
"description": "address of the related party"
}
},
"description": "creditor identification"
},
"creditorAccount": {
"type": "object",
"properties": {
"identification": {
"type": "object",
"properties": {
"iban": {
"type": "string"
},
"other": {
"type": "object",
"properties": {
"identification": {
"type": "string"
}
},
"required": [
"identification"
]
}
}
},
"currency": {
"type": "string"
},
"name": {
"type": "string"
}
},
"required": [
"identification"
],
"description": "creditor account identification"
}
}
},
"relatedAgents": {
"type": "object",
"properties": {
"debtorAgent": {
"type": "object",
"properties": {
"financialInstitutionIdentification": {
"type": "object",
"properties": {
"bic": {
"type": "string",
"description": "BIC for account"
},
"clearingSystemMemberIdentification": {
"type": "object",
"properties": {
"memberIdentification": {
"type": "string"
}
},
"required": [
"memberIdentification"
]
},
"name": {
"type": "string"
},
"postalAddress": {
"type": "object",
"properties": {
"country": {
"type": "string"
},
"addressLine": {
"type": "string"
}
},
"required": [
"addressLine"
]
}
},
"required": [
"clearingSystemMemberIdentification",
"name"
]
}
},
"required": [
"financialInstitutionIdentification"
],
"description": "debtor bank identification"
},
"creditorAgent": {
"type": "object",
"properties": {
"financialInstitutionIdentification": {
"type": "object",
"properties": {
"bic": {
"type": "string",
"description": "BIC for account"
},
"clearingSystemMemberIdentification": {
"type": "object",
"properties": {
"memberIdentification": {
"type": "string"
}
},
"required": [
"memberIdentification"
]
},
"name": {
"type": "string"
},
"postalAddress": {
"type": "string"
}
},
"required": [
"clearingSystemMemberIdentification",
"name"
]
}
},
"required": [
"financialInstitutionIdentification"
],
"description": "creditor bank identification"
}
}
},
"remittanceInformation": {
"type": "object",
"properties": {
"unstructured": {
"type": "string"
},
"structured": {
"type": "object",
"properties": {
"creditorReferenceInformation": {
"type": "object",
"properties": {
"reference": {
"type": "string"
}
}
}
}
}
},
"description": "additional information about payment"
},
"additionalTransactionInformation": {
"type": "string",
"description": "description, possibly additional information abouttransaction"
}
},
"required": [
"references",
"amountDetails",
"relatedParties",
"relatedAgents"
]
}
},
"required": [
"transactionDetails"
]
}
},
"required": [
"entryReference",
"amount",
"creditDebitIndicator",
"status",
"bookingDate",
"valueDate",
"bankTransactionCode",
"entryDetails"
]
}
}
},
"required": [
"transactions"
]
}Headers
Content-Type: application/jsonBody
{
"errors": {
"error": "SORT_ERROR",
"message": "Invalid sorting attribute: attribute"
}
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"errors": {
"type": "object",
"properties": {
"error": {
"type": "string"
},
"message": {
"type": "string"
}
},
"required": [
"error",
"message"
]
}
}
}Headers
Content-Type: application/jsonBody
{
"errors": {
"error": "SORT_ERROR",
"message": "Invalid ordering attribute: attribute"
}
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"errors": {
"type": "object",
"properties": {
"error": {
"type": "string"
},
"message": {
"type": "string"
}
},
"required": [
"error",
"message"
]
}
}
}Headers
Content-Type: application/jsonBody
{
"errors": {
"error": "PARAMETER_INVALID",
"message": "Failed to parse date: Invalid number: date"
}
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"errors": {
"type": "object",
"properties": {
"error": {
"type": "string"
},
"message": {
"type": "string"
}
},
"required": [
"error",
"message"
]
}
}
}Headers
Content-Type: application/jsonBody
{
"errors": {
"error": "DT01",
"scope": "fromDate",
"message": "DATE_IN_FUTURE"
}
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"errors": {
"type": "object",
"properties": {
"error": {
"type": "string"
},
"scope": {
"type": "string"
},
"message": {
"type": "string"
}
},
"required": [
"error",
"message"
]
}
}
}Headers
Content-Type: application/jsonBody
{
"errors": {
"error": "UNAUTHORIZED",
"scope": "fromDate",
"message": "Expired consent for transaction history older than 90 days"
}
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"errors": {
"type": "object",
"properties": {
"error": {
"type": "string"
},
"scope": {
"type": "string"
},
"message": {
"type": "string"
}
},
"required": [
"error",
"message"
]
}
}
}Account TransactionsGET/accountInfo/v3/my/accounts/{accountId}/transactions{?fromDate,toDate,size,page,sort,order}
Get a list of transactions on given account. Only realized transactions are returned. If no order is specified, transactions are sorted according to their valueDate in descending order (newest first).
Two different situations can occur when getting a list of transactions. Both situations depend on the fromDate value in the request.
-
If the fromDate value is set for less than 90 days in the past (this applies even if it is not specified at all, in which case today’s date minus 90 days is used), then the response contains transactions in the required time range.
-
If the fromDate value is set for more than 90 days in the past, two situations can occur again:
-
If the validity of strong verification has expired, an error response is returned to the client with the information that we cannot provide him with data for the selected time range. The limitation and necessity of strong authorization is subject to the applicable EU legislation 2018/389. The validity of the strong authentication (SCA) is 10 minutes from the generation of the oauth2 token using the one-time code. Only during this time it is possible to get transaction history older than 90 days.
-
If the strong verification has not yet expired, then the data for the requested period is returned.
-
The number of records in the response is limited to a maximum of 1000 items. If this limit is reached, use a filter to restrict the query.
| feature | supported by resource |
|---|---|
| paging | yes |
| sorting | yes |
| ordering | yes |
| filtering | yes |
Paging
This resource supports paging.
Sorting
This resource supports sorting. You can sort results by these attributes:
-
valueDate (default)
-
realizationDate
-
transactionType
-
value.amount
You can only specify one attribute for sorting!
Example:
GET /openapi/accountInfo/v3/my/accounts/1234/transactions?sort=valueDate
- get transactions on account with id=1234, sorted by valueDate.
Ordering
This resource supports ordering. You can order results by these attributes:
| atribute | description |
|---|---|
| ASC | ascending |
| DESC | descending |
Example:
GET /openapi/accountInfo/v3/my/accounts/1234/transactions?order=DESC
- get transactions on account with id=1234, ordered descending.
Filtering
This resource supports results filtering. You can use following atributes:
| atribute | description |
|---|---|
| fromDate | date in ISO 8601 format |
| toDate | date in ISO 8601 format |
Example:
GET /openapi/accountInfo/v3/my/accounts/1234/transactions?fromDate=2018-02-02
- get transactions on account with id=1234 from 2.2.2018
- accountId
number(required) Example: 1234internal account identifier
- fromDate
string(required) Example: 201802-06 (date, optional) - filtering parameter
- toDate
string(required) Example: 201803-06 (date, optional) - filtering parameter
- size
number(optional) Example: 3number of items on the page
- page
number(optional) Example: 0page number (starts from 0) parameter
- sort
string(optional) Example: transactionTypesorting parameter
- order
string(optional) Example: ASCordering parameter
Generated by aglio on 21 Mar 2024