Sandbox

Introduction

This test environment can be used in 2 ways :

  • Try-it mode on the 89C3 API portal (see use case "Try-it mode") ;

  • or directly via your app : this mode is described hereafter.

   

Fictitious data are used in this context (see use case "Test our persona").

 

Prerequisites

You have to declare your APP on our portal (menu "My applications") and send us :

  • your organisation agreement identifier (OID) as defined by your national competent authority ;
  • the public keys of your test QWAC & QSEALC eIDAS-compliant certificates ;
  • your callback URI (redirect_uri).

Reminder : you must have your "AISP" agreement (or be in the process of getting it).

 

Step-by-step approach for testing AISP from your app

 

1st step : request the access token

This token is mandatory to consume API resources.

This call triggers the redirection of the PSU to his ASPSP. See the use case "Get your token".

NB : if the PSU has accounts in different ASPSPs, you need one access token per ASPSP.

Our entry point depends on the ASPSP code : www.<codetab>.sandbox.api.89C3.com

For this environment, the only Caisse d'Epargne available is CE Ile de France with <codetab> = 17515.

 

 

Example :

GET https://www.17515.sandbox.api.89C3.com/stet/psd2/oauth/authorize

Headers :

Content-Type : application/x-www-form-urlencoded; charset=utf-8

Params :

    response_type : code

    client_id : PSDFR-ACPR-13807

    redirect_uri : https://www.mycallback.com/

    scope : aisp

Remarks :

    client_id : your organisation agreement identifier as defined by your national competent authority (PSDXX-YYYY-ZZZZZ).

    redirect_uri : callback URL as declared in your APP AND to be forwarded to the ASPSP for each sandbox and Go Live request.

 

2nd step : redirection to PSU screens

Once the redirection is activated, the ASPSP displays the identification and authentication screens to the PSU.

The UX is shown below :  

 

[Figure: overall AISP flow, UK V1]

 

 

IDENTIFICATION & AUTHENTICATION SCA

 

1) The PSU can enter his online banking ID through the identification screen displayed by the ASPSP.

[Screenshot: sandbox mobile identification screen]

NB : if the PSU is an enterprise, another screen requesting the usage number can be displayed.

2) The PSU needs to enter his SCA credentials in the authentication screen.

Different SCA means can be used by the PSU (SMS OTP, see below; soft token; etc.).

[Screenshots: mobile SCA entry screen, or for the sandbox, the SMS screen]

In some cases, a notification can be sent to the PSU to activate his PSU means, or to finish this step.

[Screenshot: SCA successful]

 

 

3rd step : get your access_token

You can get your access token to be able to consume API resources.

Before that, the AISP has to get the PSU's consent regarding which data can be accessed.

See use case "Get your token".

 

 

Example :

POST https://www.17515.sandbox.api.89C3.com/stet/psd2/oauth/token

Header :

Content-Type : application/x-www-form-urlencoded; charset=utf-8

Params :

client_id : PSDFR-ACPR-13807

grant_type : authorization_code

code : NnZx1hqHY2CLkCFjiTwhJeflgNnCrB

redirect_uri : https://www.mycallback.com/

Remarks :

    client_id : your agreement number as defined by your national competent authority (PSDXX-YYYY-ZZZZZ).

    code : value received in the callback URL.

    redirect_uri : this value needs to be strictly identical to the "redirect_uri" used in the GET /authorize request !!!

    The QWAC eIDAS certificate has to be sent with this request.

 

 

Response :

{

"access_token" : "KXZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoI0Kr2rSi1mSCFNehAs6iLw",

"token_type" : "Bearer", 

"expires_in" : 3600, 

"scope" : "aisp offline_access",  

"refresh_token" : "KUZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoD0Kr2rSi1mSCFNehAs6iLa"

}
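
Steps 1 and 3 as code, in an added example that is not part of the 89C3 documentation: it builds the /authorize URL, extracts the code from the callback, and builds the POST /token form from a single redirect_uri value so that the two stay strictly identical. The function names and the handling of an `error` callback parameter (RFC 6749) are assumptions; sending the POST together with the QWAC certificate is not shown.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Values taken from the sandbox example on this page.
BASE = "https://www.17515.sandbox.api.89C3.com/stet/psd2/oauth"
CLIENT_ID = "PSDFR-ACPR-13807"
REDIRECT_URI = "https://www.mycallback.com/"  # single source for both calls


def authorize_url():
    """Step 1: URL the PSU's browser is sent to."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "aisp",
    }
    return f"{BASE}/authorize?{urlencode(params)}"


def code_from_callback(callback_url):
    """Extract the authorization code from the URL the ASPSP redirected to."""
    target, registered = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    # Only accept callbacks that arrived on the declared redirect_uri.
    if (target.scheme, target.netloc, target.path) != (
            registered.scheme, registered.netloc, registered.path):
        raise ValueError("callback does not match the declared redirect_uri")
    query = parse_qs(target.query)
    if "error" in query:  # RFC 6749 error response (assumed to apply here)
        raise ValueError(f"authorization failed: {query['error'][0]}")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one 'code' parameter")
    return codes[0]


def token_request(code):
    """Step 3: URL and form body of the POST /token call."""
    # The QWAC certificate must accompany the real request (not shown here).
    form = {
        "client_id": CLIENT_ID,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # same constant as in authorize_url()
    }
    return f"{BASE}/token", urlencode(form)
```
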

 

 

4th step : access to data  

  • Get the list of accounts 

See use case "Get accounts list". 

Example :

GET https://www.17515.sandbox.api.89C3.com/stet/psd2/v1/accounts

 

Headers :
 Authorization : Bearer < access_token received >
 X-Request-ID : < Correlation header to be set in a request and retrieved in the relevant response > 
 Signature : < signature >

 No body

Remarks :

  • Psu-Ip-Address => differentiates batch requests triggered by the TPP from requests made while the PSU is connected to the TPP app : this field therefore has to be filled in when the PSU is connected

Response : 200 OK

Headers :
  X-request-id : id-1234567890111121

Body :

{

    "_links": {

        "self": {

            "templated": false,

            "href": "/stet/psd2/v1/accounts"

        }

    },

    "accounts": [

        {

            "cashAccountType": "CACC",

            "accountId": {

                "iban": "FR7617515000920400430518020"

            },

            "resourceId": "175150009204004305180",

            "_links": {

                "balances": {

                    "templated": false,

                    "href": "/stet/psd2/v1/accounts/175150009204004305180/balances"

                },

                "transactions": {

                    "templated": true,

                    "href": "/stet/psd2/v1/accounts/175150009204004305180/transactions"

                }

            },

            "usage": "PRIV",

            "psuStatus": "Account Holder",

            "name": "LEA SANDBOXA",

            "currency": "EUR"

        },

        {

            "cashAccountType": "CACC",

            "accountId": {

                "iban": "FR7617515000920400851811524"

            },

            "resourceId": "175150009204008518115",

            "_links": {

                "balances": {

                    "templated": false,

                    "href": "/stet/psd2/v1/accounts/175150009204008518115/balances"

                },

                "transactions": {

                    "templated": true,

                    "href": "/stet/psd2/v1/accounts/175150009204008518115/transactions"

                }

            },

            "usage": "PRIV",

            "psuStatus": "Account Holder",

            "name": "LEA SANDBOXA",

            "currency": "EUR"

        }

    ]

}
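
The header rules and the accounts response above, as an added example that is not part of the 89C3 documentation: it sets Psu-Ip-Address only when the PSU is connected, checks that the response carries back the X-Request-ID that was sent, and reads the balances and transactions links per account. The function names, the use of a UUID as X-Request-ID and the strict link shape check are assumptions; the Signature header is not computed here.

```python
import ipaddress
import uuid

PREFIX = "/stet/psd2/v1/accounts"

# Constructed sample: the accounts response from this page, trimmed to one account.
ACCOUNTS_BODY = {"accounts": [{
    "resourceId": "175150009204004305180",
    "_links": {
        "balances": {"href": "/stet/psd2/v1/accounts/175150009204004305180/balances"},
        "transactions": {"href": "/stet/psd2/v1/accounts/175150009204004305180/transactions"},
    },
}]}


def request_headers(access_token, psu_ip=None):
    """Headers for a GET on an AISP resource (Signature header not covered)."""
    headers = {
        "Authorization": f"Bearer {access_token}",
        "X-Request-ID": str(uuid.uuid4()),  # assumption: any unique value is accepted
    }
    if psu_ip is not None:  # PSU is connected; leave the header out for batch requests
        headers["Psu-Ip-Address"] = str(ipaddress.ip_address(psu_ip))
    return headers


def correlated(sent_headers, response_headers):
    """True when the response carries back the X-Request-ID that was sent."""
    echoed = {k.lower(): v for k, v in response_headers.items()}.get("x-request-id")
    return echoed == sent_headers["X-Request-ID"]


def account_links(body):
    """Map resourceId -> {relation: href}, rejecting hrefs outside that account."""
    result = {}
    for account in body.get("accounts", []):
        rid = account["resourceId"]
        links = {}
        for rel, link in account.get("_links", {}).items():
            href = link.get("href", "")
            if href != f"{PREFIX}/{rid}/{rel}":
                raise ValueError(f"unexpected {rel} link for {rid}: {href!r}")
            links[rel] = href
        result[rid] = links
    return result
```
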

 

  • Send PSU consent to ASPSP 

See use case "Forward PSU consent". 

Example :

PUT https://www.17515.sandbox.api.89C3.com/stet/psd2/v1/consents

 

Headers :

 Authorization : Bearer < access_token received >
 X-Request-ID : < Correlation header to be set in a request and retrieved in the relevant response > 
 Signature : < signature >

 

Body

{

  "balances": [

    {

      "iban": "FR7617515000920400430518020"

    },

    {

      "iban": "FR7617515000920400851811524"

    }

  ],

  "transactions": [

    {

      "iban": "FR7617515000920400430518020"

    },

    {

      "iban": "FR7617515000920400851811524"

    }

  ],

  "trustedBeneficiaries": false,

  "psuIdentity": false

}

Response & Body :

201 « Created »

Headers :

 X-Request-ID : < Correlation header to be set in a request and retrieved in the relevant response > 

 No body

 

 

  • Get the balances  

See use case "Accounting balances". 

Example :

GET https://www.17515.sandbox.api.89C3.com/stet/psd2/v1/accounts/{accountResourceId}/balances

 

Headers :

 Authorization : Bearer < access_token received >
 X-Request-ID : < Correlation header to be set in a request and retrieved in the relevant response > 
 Signature : < signature >

 No body

 

Response & Body :

200 OK

Headers :

 X-Request-ID : < Correlation header to be set in a request and retrieved in the relevant response > 

Body :

{

    "balances": [

        {

            "balanceType": "CLBD",

            "name": "Solde comptable au 28/09/2018",

            "balanceAmount": {

                "amount": "-150.00",

                "currency": "EUR"

            }

        }

    ],

    "_links": {

        "self": {

            "templated": false,

            "href": "/stet/psd2/v1/accounts/175150009204004305180/balances"

        },

        "transactions": {

            "templated": true,

            "href": "/stet/psd2/v1/accounts/175150009204004305180/transactions"

        },

        "parent-list": {

            "templated": false,

            "href": "/stet/psd2/v1/accounts"

        }

    }

}

 

  • Get transactions history 

See use case "Get transactions history". 

 

Example :

GET https://www.17515.sandbox.api.89C3.com/stet/psd2/v1/accounts/{accountResourceId}/transactions

 

Headers :

 Authorization : Bearer < access_token received >
 X-Request-ID : < Correlation header to be set in a request and retrieved in the relevant response > 
 Signature : < signature >

 No body

 

Response & Body :

200 OK

Headers :

 X-Request-ID : < Correlation header to be set in a request and retrieved in the relevant response > 
 

Body

{

    "_links": {

        "balances": {

            "templated": false,

            "href": "/stet/psd2/v1/accounts/175150009204004305180/balances"

        },

        "self": {

            "templated": true,

            "href": "/stet/psd2/v1/accounts/175150009204004305180/transactions"

        },

        "parent-list": {

            "templated": false,

            "href": "/stet/psd2/v1/accounts"

        }

    },

    "transactions": [

        {

            "resourceId": null,

            "remittanceInformation": [

                "Retrait Carte"

            ],

            "transactionAmount": {

                "amount": "13.00",

                "currency": "EUR"

            },

            "bookingDate": "2019-09-05",

            "creditDebitIndicator": "DBIT",

            "status": "BOOK"

        }

    ]

}

 

 

  • Refresh your access token

See use case "Refresh your token". 

 

Example :

POST https://www.17515.sandbox.api.89C3.com/stet/psd2/oauth/token

 

Header : 

Content-Type : application/x-www-form-urlencoded; charset=utf-8

Body :

client_id : PSDFR-ACPR-13807

grant_type : refresh_token

refresh_token : KUZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoD0Kr2rSi1mSCFNehAs6iLa

 

Response :

{

"access_token" : "4s2Bt3MRL7nlPUZcRTPe5Tjs0v8p7ZOXOyEKs1juYesj9pPaU7hXFA",

"token_type" : "Bearer", 

"expires_in" : 3600, 

"scope" : "aisp offline_access",  

"refresh_token" : "KUZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoD0Kr2rSi1mSCFNehAs6iLa"

}
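
The NB in step 1 (one access token per ASPSP) and the refresh call above, combined in an added example that is not part of the 89C3 documentation: a store that keeps one token set per ASPSP code, tracks expiry from expires_in, and builds the refresh request for the matching entry point. The class and function names, the 60-second safety margin and the digits-only check on the ASPSP code are assumptions.

```python
import time
from urllib.parse import urlencode

CLIENT_ID = "PSDFR-ACPR-13807"  # from the example on this page


def token_endpoint(codetab):
    """Entry point depends on the ASPSP code (digits only assumed, e.g. 17515)."""
    if not (codetab.isascii() and codetab.isdigit()):
        raise ValueError("invalid ASPSP code")
    return f"https://www.{codetab}.sandbox.api.89C3.com/stet/psd2/oauth/token"


class TokenStore:
    """Keeps one token set per ASPSP and tells when a refresh is due."""

    def __init__(self, skew=60, clock=time.time):
        self._tokens, self._skew, self._clock = {}, skew, clock

    def save(self, codetab, response):
        if response.get("token_type") != "Bearer":
            raise ValueError("unexpected token_type")
        if "aisp" not in response.get("scope", "").split():
            raise ValueError("token not granted for the aisp scope")
        self._tokens[codetab] = {
            "access_token": response["access_token"],
            "refresh_token": response["refresh_token"],
            "expires_at": self._clock() + int(response["expires_in"]),
        }

    def needs_refresh(self, codetab):
        return self._clock() >= self._tokens[codetab]["expires_at"] - self._skew

    def refresh_request(self, codetab):
        """URL and form body of the refresh call for this ASPSP."""
        form = {
            "client_id": CLIENT_ID,
            "grant_type": "refresh_token",
            "refresh_token": self._tokens[codetab]["refresh_token"],
        }
        return token_endpoint(codetab), urlencode(form)
```
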