Sandbox
Introduction
Ths test environment can be used in 2 ways :
Try-it mode on 89C3 API portal (see use case "Try-it mode") ;
either directly via your app : this mode is described hereafter.
Fictive data are used in this context (see use case "Test our persona").
Prerequisites
You have to declare your APP on our portal (menu "My applications") and to send us :
- your organisation agreement identifier (OID) as defined by your national competent authority ;
- the public keys of tour test QWAC & QSEALC eiDAS compliant certificates ;
- your callback uri (redirect_uri).
Reminder : you have to get your "AISP" agrement (or being in process of getting it).
Step-by-step approach for testing AISP from your app
1rst step : request the access token
This token is mandatory to consume API resources.
This call triggers the PSU redirection towards his ASPSP. See the use case "Get your token".
NB : if the PSU has accounts in different ASPSP, you need one access token per APSPS.
Our entry point depends on ASPSP code : www.<cdetab>.sandbox.api.89C3.com
For this environment, the only Caisse d'Epargne available is CE Ile de France with <codetab> = 17515.
Example :
GET https://www.17515.sandbox.api.89C3.com/stet/psd2/oauth/authorize
Headers :
Content-Type : application/x-www-form-urlencoded; charset=utf-8
Params:
response_type : code
client_id : PSDFR-ACPR-13807
redirect_uri : https://www.mycallback.com/
scope : aisp
Remark :
client_id : your organisation agreement identifier as defined by your national competent authority (PSDXX-YYYY-ZZZZZ).
redirect_uri : callback URL as declared in your APP
AND
to be forwarded to ASPSP for each sandbox and Go Live requests
2nd step : redirection to PSU screens
Once the redirected is activated, the ASPSP displays to PSU identificaiton and authentification screens.
The UX is shown below :
IDENTIFICATION & AUTHENTICATION SCA
1) PSU can enter his online banking ID thru the identification screen displayed by the ASPSP.
NB : if PSU is an enterprise, another screen requesting the usage number can be displayed.
2) PSU needs to enter his SCA credentials in the authentication screen.
Different SCA means can be used by the PSU (SMS OTP - see below-, soft token, etc.).
or for the sandbox
In some cases, a notification can be sent to the PSU to activate his PSU mean, or to finish this step.
3rd step : get your access_token
You can get your access token to be able to consume API resources.
Before that, AISP has to get PSU consent regarding which data can be accessed.
See use case "Get your token".
Example
POST https://www.17515.sandbox.api.89C3.com/stet/psd2/oauth/token
Header :
Content-Type : application/x-www-form-urlencoded; charset=utf-8
Params :
client_id : PSDFR-ACPR-13807
grant_type : authorization_code
code : NnZx1hqHY2CLkCFjiTwhJeflgNnCrB
redirect_uri : https://www.mycallback.com/
Remarks :
client_id : your agreement number as defined by your national competent authority (PSDXX-YYYY-ZZZZZ).
code : data in callback url
redirect_uri : this data needs to be strictly identical to the "redirect_uri" one used in the GET /authorize request !!!
The QWAC eiDAS certificate has to be sent with this request.
Response :
{
"access_token" : "KXZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoI0Kr2rSi1mSCFNehAs6iLw",
"token_type" : "Bearer",
"expires_in" : 3600,
"scope" : "aisp offline_access",
"refresh_token" : "KUZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoD0Kr2rSi1mSCFNehAs6iLa"
}
4th step : access to data
- Get the list of accounts
See use case "Get accounts list".
Example :
GET https://www.17515.sandbox.api.89C3.com/stet/psd2/v1/accounts
Headers :
Authorization : Bearer < access_token received >
X-Request-ID : < Correlation header to be set in a request and retrieved in the relevant response >
Signature : < signature >
No body
Remarks :
- Psu-Ip-Address => allows to differentiate batch request triggered by the TPP from requests whenever connected PSU to TPP app : so this field has to be filled when the PSU is connected
No body
Response : 200 OK
Headers :
X-request-id : id-1234567890111121
Body :
{
"_links": {
"self": {
"templated": false,
"href": "/stet/psd2/v1/accounts"
}
},
"accounts": [
{
"cashAccountType": "CACC",
"accountId": {
"iban": "FR7617515000920400430518020"
},
"resourceId": "175150009204004305180",
"_links": {
"balances": {
"templated": false,
"href": "/stet/psd2/v1/accounts/175150009204004305180/balances"
},
"transactions": {
"templated": true,
"href": "/stet/psd2/v1/accounts/175150009204004305180/transactions"
}
},
"usage": "PRIV",
"psuStatus": "Account Holder",
"name": "LEA SANDBOXA",
"currency": "EUR"
},
{
"cashAccountType": "CACC",
"accountId": {
"iban": "FR7617515000920400851811524"
},
"resourceId": "175150009204008518115",
"_links": {
"balances": {
"templated": false,
"href": "/stet/psd2/v1/accounts/175150009204008518115/balances"
},
"transactions": {
"templated": true,
"href": "/stet/psd2/v1/accounts/175150009204008518115/transactions"
}
},
"usage": "PRIV",
"psuStatus": "Account Holder",
"name": "LEA SANDBOXA",
"currency": "EUR"
}
]
}
- Send PSU consent to ASPSP
See use case "Forward PSU consent".
Example :
PUT https://www.17515.sandbox.api.89C3.com/stet/psd2/v1/consents
Headers :
Authorization : Bearer < access_token received >
X-Request-ID : < Correlation header to be set in a request and retrieved in the relevant response >
Signature : < signature >
Body
{
"balances": [
{
"iban": "FR7617515000920400430518020"
},
{
"iban": "FR7617515000920400851811524"
}
],
"transactions": [
{
"iban": "FR7617515000920400430518020"
},
{
"iban": "FR7617515000920400851811524"
}
],
"trustedBeneficiaries": false,
"psuIdentity": false
}
Response & Body :
201 « Created »
Headers :
X-Request-ID : < Correlation header to be set in a request and retrieved in the relevant response >
No body
- Get the balances
See use case "Accounting balances".
Example :
GET https://www.17515.sandbox.api.89C3.com/stet/psd2/v1/accounts/{accountResourceId}/balances
Headers :
Authorization : Bearer < access_token received >
X-Request-ID : < Correlation header to be set in a request and retrieved in the relevant response >
Signature : < signature >
No body
Response & Body :
200 OK
Headers :
X-Request-ID : < Correlation header to be set in a request and retrieved in the relevant response >
Body :
{
"balances": [
{
"balanceType": "CLBD",
"name": "Solde comptable au 28/09/2018",
"balanceAmount": {
"amount": "-150.00",
"currency": "EUR"
}
}
],
"_links": {
"self": {
"templated": false,
"href": "/stet/psd2/v1/accounts/175150009204004305180/balances"
},
"transactions": {
"templated": true,
"href": "/stet/psd2/v1/accounts/175150009204004305180/transactions"
},
"parent-list": {
"templated": false,
"href": "/stet/psd2/v1/accounts"
}
}
}
- Get transactions history
See use case "Get transactions history".
Example :
GET https://www.17515.sandbox.api.89C3.com/stet/psd2/v1/accounts/{accountResourceId}/transactions
Headers :
Authorization : Bearer < access_token received >
X-Request-ID : < Correlation header to be set in a request and retrieved in the relevant response >
Signature : < signature >
No body
Response & Body :
200 OK
Headers :
X-Request-ID : < Correlation header to be set in a request and retrieved in the relevant response >
Body
{
"_links": {
"balances": {
"templated": false,
"href": "/stet/psd2/v1/accounts/175150009204004305180/balances"
},
"self": {
"templated": true,
"href": "/stet/psd2/v1/accounts/175150009204004305180/transactions"
},
"parent-list": {
"templated": false,
"href": "/stet/psd2/v1/accounts"
}
},
"transactions": [
{
"resourceId": null,
"remittanceInformation": [
"Retrait Carte"
],
"transactionAmount": {
"amount": "13.00",
"currency": "EUR"
},
"bookingDate": "2019-09-05",
"creditDebitIndicator": "DBIT",
"status": "BOOK"
}
]
}
- Refresh your access token
See use case "Refresh your token".
Example :
POST https://www.17515.sandbox.api.89C3.com/stet/psd2/oauth/token
Header :
Content-Type : application/x-www-form-urlencoded; charset=utf-8
Body :
client_id : PSDFR-ACPR-13807
grant_type : refresh_token
refresh_token : KUZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoD0Kr2rSi1mSCFNehAs6iLa
Response :
{
"access_token" : "4s2Bt3MRL7nlPUZcRTPe5Tjs0v8p7ZOXOyEKs1juYesj9pPaU7hXFA",
"token_type" : "Bearer",
"expires_in" : 3600,
"scope" : "aisp offline_access",
"refresh_token" : "KUZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoD0Kr2rSi1mSCFNehAs6iLa"
}